|
221721
|
- |
|
-
|
-
|
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https:/…
|
-
|
CVE-2019-25211
|
2024-11-21 13:40 |
2024-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221722
|
- |
|
-
|
-
|
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, s…
|
-
|
CVE-2019-25210
|
2024-11-21 13:40 |
2024-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221723
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
i2c: Fix a potential use after free
Free the adap structure only after we are done using it.
This patch just moves the put_device…
|
CWE-416
Use After Free
|
CVE-2019-25162
|
2024-11-21 13:40 |
2024-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221724
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
netlabel: fix out-of-bounds memory accesses
There are two array out-of-bounds memory accesses, one in
cipso_v4_map_lvl_valid(), t…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-25160
|
2024-11-21 13:40 |
2024-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221725
|
9.8 |
CRITICAL
Network
|
mpedraza2020
|
intranet_del_monterroso
|
A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the…
|
-
|
CVE-2019-25159
|
2024-11-21 13:40 |
2024-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221726
|
9.8 |
CRITICAL
Network
|
pedroetb
|
tts-api
|
A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os comman…
|
-
|
CVE-2019-25158
|
2024-11-21 13:40 |
2023-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221727
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions pri…
|
CWE-416
Use After Free
|
CVE-2019-2393
|
2024-11-21 13:40 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221728
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-2392
|
2024-11-21 13:40 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221729
|
7.8 |
HIGH
Local
|
google
|
android
|
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional executi…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2019-2194
|
2024-11-21 13:40 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221730
|
5.3 |
MEDIUM
Network
|
mongodb
|
ops_manager
|
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc.…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-2388
|
2024-11-21 13:40 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
