|
221931
|
7.5 |
HIGH
Network
|
elastic
|
winlogbeat
|
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
|
NVD-CWE-Other
|
CVE-2019-7613
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221932
|
9.8 |
CRITICAL
Network
|
elastic
netapp
|
logstash
active_iq_performance_analytics_services
|
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credent…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-7612
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221933
|
9.0 |
CRITICAL
Network
|
elastic
|
kibana
|
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could se…
|
CWE-77
Command Injection
|
CVE-2019-7610
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221934
|
10.0 |
CRITICAL
Network
|
elastic
redhat
|
kibana
openshift_container_platform
|
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt…
|
CWE-94
Code Injection
|
CVE-2019-7609
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221935
|
6.1 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of ot…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7608
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221936
|
8.1 |
HIGH
Network
|
elastic
|
elasticsearch
|
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are us…
|
NVD-CWE-Other
|
CVE-2019-7611
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221937
|
8.8 |
HIGH
Network
|
ipycache_project
|
ipycache
|
A code injection issue was discovered in ipycache through 2016-05-31.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-7539
|
2024-11-21 13:48 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221938
|
9.8 |
CRITICAL
Network
|
pytroll
|
donfig
|
An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.
|
CWE-77
Command Injection
|
CVE-2019-7537
|
2024-11-21 13:48 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221939
|
6.5 |
MEDIUM
Network
|
woocommerce
|
paypal_checkout_payment_gateway
|
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchas…
|
NVD-CWE-noinfo
|
CVE-2019-7441
|
2024-11-21 13:48 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221940
|
6.5 |
MEDIUM
Network
|
jio
|
jiofi_4g_m2s_firmware
|
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
|
CWE-352
Origin Validation Error
|
CVE-2019-7440
|
2024-11-21 13:48 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
