| 219211 | 4.8 | MEDIUM Network | hcltech | appscan_source | HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. | CWE-79 Cross-site Scripting | CVE-2019-4388 | 2024-11-21 13:43 | 2019-12-18 |
| 219212 | 6.5 | MEDIUM Network | elog_project fedoraproject | elog fedora | ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. | CWE-610 Externally Controlled Reference to a Resource in Another Sphere | CVE-2019-3996 | 2024-11-21 13:43 | 2019-12-18 |
| 219213 | 7.5 | HIGH Network | elog_project fedoraproject | elog fedora | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP … | CWE-476 NULL Pointer Dereference | CVE-2019-3995 | 2024-11-21 13:43 | 2019-12-18 |
| 219214 | 7.5 | HIGH Network | elog_project fedoraproject | elog fedora | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST reques… | CWE-416 Use After Free | CVE-2019-3994 | 2024-11-21 13:43 | 2019-12-18 |
| 219215 | 7.5 | HIGH Network | elog_project fedoraproject | elog fedora | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2019-3993 | 2024-11-21 13:43 | 2019-12-18 |
| 219216 | 7.5 | HIGH Network | elog_project fedoraproject | elog fedora | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Among… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2019-3992 | 2024-11-21 13:43 | 2019-12-18 |
| 219217 | 6.5 | MEDIUM Network | ibm | mq_appliance | IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. | NVD-CWE-noinfo | CVE-2019-4560 | 2024-11-21 13:43 | 2019-12-17 |
| 219218 | 5.5 | MEDIUM Local | ibm | api_connect | IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credential… | CWE-200 Information Exposure | CVE-2019-4444 | 2024-11-21 13:43 | 2019-12-17 |
| 219219 | 5.4 | MEDIUM Network | ibm | case_manager business_automation_workflow | The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Java… | CWE-79 Cross-site Scripting | CVE-2019-4426 | 2024-11-21 13:43 | 2019-12-14 |
| 219220 | 7.8 | HIGH Local | ibm | db2_high_performance_unload_load | IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable … | CWE-426 Untrusted Search Path | CVE-2019-4606 | 2024-11-21 13:43 | 2019-12-13 |