| 223481 | 6.1 MEDIUM Network | openidc debian fedoraproject opensuse | mod_auth_openidc debian_linux fedora leap | A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | CWE-601 Open Redirect | CVE-2019-20479 | 2024-11-21 13:38 | 2020-02-20 |
| 223482 | 9.8 CRITICAL Network | ruamel.yaml_project | ruamel.yaml | In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaw… | NVD-CWE-noinfo | CVE-2019-20478 | 2024-11-21 13:38 | 2020-02-19 |
| 223483 | 9.8 CRITICAL Network | pyyaml fedoraproject | pyyaml fedora | PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue e… | CWE-502 Deserialization of Untrusted Data | CVE-2019-20477 | 2024-11-21 13:38 | 2020-02-19 |
| 223484 | 4.3 MEDIUM Network | zohocorp | manageengine_remote_access_plus | An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (re… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2019-20474 | 2024-11-21 13:38 | 2020-02-18 |
| 223485 | 7.8 HIGH Local | goverlan | client_agent reach_console reach_server | Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escal… | CWE-426 Untrusted Search Path | CVE-2019-20456 | 2024-11-21 13:38 | 2020-02-17 |
| 223486 | 5.9 MEDIUM Network | globalpayments | php_sdk | Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations. | CWE-295 Improper Certificate Validation | CVE-2019-20455 | 2024-11-21 13:38 | 2020-02-15 |
| 223487 | 7.5 HIGH Network | pcre fedoraproject splunk | pcre2 fedora universal_forwarder | An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrust… | CWE-125 Out-of-bounds Read | CVE-2019-20454 | 2024-11-21 13:38 | 2020-02-14 |
| 223488 | 4.7 MEDIUM Network | atlassian | jira jira_server jira_data_center | The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12,… | CWE-352 Origin Validation Error | CVE-2019-20100 | 2024-11-21 13:38 | 2020-02-12 |
| 223489 | 4.3 MEDIUM Network | atlassian | jira_server jira_data_center | The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tr… | CWE-352 Origin Validation Error | CVE-2019-20099 | 2024-11-21 13:38 | 2020-02-12 |
| 223490 | 4.3 MEDIUM Network | atlassian | jira_server jira_data_center | The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by t… | CWE-352 Origin Validation Error | CVE-2019-20098 | 2024-11-21 13:38 | 2020-02-12 |