|
221991
|
7.5 |
HIGH
Network
|
rubyonrails debian redhat opensuse fedoraproject
|
rails debian_linux cloudforms leap fedora software_collections
|
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the targ…
|
NVD-CWE-noinfo
|
CVE-2019-5418
|
2024-11-21 13:44 |
2019-03-27 |
|
221992
|
7.5 |
HIGH
Network
|
zeit
|
serve
|
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
|
CWE-22
Path Traversal
|
CVE-2019-5417
|
2024-11-21 13:44 |
2019-03-22 |
|
221993
|
7.5 |
HIGH
Network
|
localhost-now_project
|
localhost-now
|
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
|
CWE-22
Path Traversal
|
CVE-2019-5416
|
2024-11-21 13:44 |
2019-03-22 |
|
221994
|
7.5 |
HIGH
Network
|
zeit
|
serve
|
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
|
CWE-269
Improper Privilege Management
|
CVE-2019-5415
|
2024-11-21 13:44 |
2019-03-22 |
|
221995
|
8.1 |
HIGH
Network
|
kill-port_project
|
kill-port
|
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
|
CWE-78
OS Command
|
CVE-2019-5414
|
2024-11-21 13:44 |
2019-03-22 |
|
221996
|
9.8 |
CRITICAL
Network
|
morgan_project
|
morgan
|
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
|
CWE-77
Command Injection
|
CVE-2019-5413
|
2024-11-21 13:44 |
2019-03-22 |
|
221997
|
5.5 |
MEDIUM
Local
|
macpaw
|
cleanmymac_x
|
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon up…
|
CWE-459
Incomplete Cleanup
|
CVE-2019-5011
|
2024-11-21 13:44 |
2019-03-22 |
|
221998
|
7.8 |
HIGH
Local
|
pixar
|
renderman
|
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their…
|
NVD-CWE-noinfo
|
CVE-2019-5015
|
2024-11-21 13:44 |
2019-03-9 |
|
221999
|
9.8 |
CRITICAL
Network
|
rainbowpdf
|
office_server_document_converter
|
A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary P…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-5019
|
2024-11-21 13:44 |
2019-03-8 |
|
222000
|
9.8 |
CRITICAL
Network
|
wxjava_project
|
wxjava
|
An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for C…
|
CWE-611
XXE
|
CVE-2019-5312
|
2024-11-21 13:44 |
2019-01-5 |