|
219441
|
9.8 |
CRITICAL
Network
|
ibm
|
rational_clearcase
|
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database.…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-4059
|
2024-11-21 13:43 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219442
|
9.8 |
CRITICAL
Network
|
ibm
|
api_connect
|
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-4008
|
2024-11-21 13:43 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219443
|
6.2 |
MEDIUM
Physics
|
ibm
|
security_identity_manager
|
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness…
|
CWE-94
Code Injection
|
CVE-2019-4038
|
2024-11-21 13:43 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219444
|
6.1 |
MEDIUM
Network
|
ibm
|
i
|
IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading …
|
CWE-79
Cross-site Scripting
|
CVE-2019-4040
|
2024-11-21 13:43 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219445
|
8.1 |
HIGH
Network
|
facebook
|
hhvm
|
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the c…
|
CWE-22
Path Traversal
|
CVE-2019-3556
|
2024-11-21 13:42 |
2021-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219446
|
8.2 |
HIGH
Network
|
dell
|
emc_integrated_data_protection_appliance
emc_avamar_server
|
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) In…
|
CWE-611
XXE
|
CVE-2019-3752
|
2024-11-21 13:42 |
2021-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219447
|
4.1 |
MEDIUM
Physics
|
redhat
|
quay
|
A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's con…
|
-
|
CVE-2019-3867
|
2024-11-21 13:42 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219448
|
5.3 |
MEDIUM
Network
|
redhat
|
certification
|
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this…
|
-
|
CVE-2019-3897
|
2024-11-21 13:42 |
2021-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219449
|
5.3 |
MEDIUM
Network
|
360
|
360f5_firmware
|
In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause ot…
|
NVD-CWE-noinfo
|
CVE-2019-3405
|
2024-11-21 13:42 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219450
|
7.8 |
HIGH
Local
|
bundler
|
bundler
|
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler i…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-3881
|
2024-11-21 13:42 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
