|
223251
|
8.8 |
HIGH
Network
|
eleveo
|
call_recording
|
A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to r…
|
CWE-269
Improper Privilege Management
|
CVE-2019-18822
|
2024-11-21 13:33 |
2020-04-15 |
|
223252
|
5.9 |
MEDIUM
Network
|
symantec
|
management_center
|
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to M…
|
CWE-352
Origin Validation Error
|
CVE-2019-18376
|
2024-11-21 13:33 |
2020-04-10 |
|
223253
|
6.5 |
MEDIUM
Network
|
broadcom
|
advanced_secure_gateway symantec_proxysg
|
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a current…
|
NVD-CWE-noinfo
|
CVE-2019-18375
|
2024-11-21 13:33 |
2020-04-10 |
|
223254
|
5.9 |
MEDIUM
Network
|
opensuse
|
autoyast2
|
An Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprec…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-18905
|
2024-11-21 13:33 |
2020-04-3 |
|
223255
|
7.5 |
HIGH
Network
|
opensuse
|
rmt-server
|
An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-18904
|
2024-11-21 13:33 |
2020-04-3 |
|
223256
|
6.1 |
MEDIUM
Network
|
hitachienergy
|
esoms
|
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross Site Scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19003
|
2024-11-21 13:33 |
2020-04-3 |
|
223257
|
5.4 |
MEDIUM
Network
|
hitachienergy
|
esoms
|
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers not supporting Content Security Policy, this might in…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19002
|
2024-11-21 13:33 |
2020-04-3 |
|
223258
|
6.5 |
MEDIUM
Network
|
hitachienergy
|
esoms
|
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in the HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the applicat…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-19001
|
2024-11-21 13:33 |
2020-04-3 |
|
223259
|
6.5 |
MEDIUM
Network
|
hitachienergy
|
esoms
|
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sen…
|
CWE-200
Information Exposure
|
CVE-2019-19000
|
2024-11-21 13:33 |
2020-04-3 |
|
223260
|
4.3 |
MEDIUM
Network
|
harriscomputer
|
ormed_mis
|
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2Entrie…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-18626
|
2024-11-21 13:33 |
2020-03-26 |