National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,833 matching records.
Displaying matches 1181 through 1200.
Vuln ID Summary CVSS Severity
CVE-2019-8445

Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-8444

The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-14999

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13423

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-13422

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-13421

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 4.9 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-11589

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-11588

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-11587

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

Published: August 23, 2019; 10:15:11 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-11586

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.

Published: August 23, 2019; 10:15:10 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-11585

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

Published: August 23, 2019; 10:15:10 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-11584

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

Published: August 23, 2019; 10:15:10 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15514

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.

Published: August 23, 2019; 09:15:11 AM -04:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-15494

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.

Published: August 23, 2019; 09:15:11 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15493

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.

Published: August 23, 2019; 09:15:11 AM -04:00
V3.0: 7.5 HIGH
    V2: 6.4 MEDIUM
CVE-2019-15492

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.

Published: August 23, 2019; 09:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15491

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.

Published: August 23, 2019; 09:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15490

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.

Published: August 23, 2019; 09:15:11 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15488

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.

Published: August 23, 2019; 09:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15487

DfE School Experience before v16333-GA has XSS via a teacher training URL.

Published: August 23, 2019; 09:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM