|
222951
|
7.5 |
HIGH
Network
|
cksource
|
ckfinder
|
An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allow remote attackers to upload files without any extension (even if the application was configured to accept file…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15862
|
2024-11-21 13:29 |
2019-09-27 |
|
|
|
|
222952
|
9.8 |
CRITICAL
Network
|
lemonldap-ng debian
|
lemonldap\ debian_linux
|
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an…
|
CWE-863
Incorrect Authorization
|
CVE-2019-15941
|
2024-11-21 13:29 |
2019-09-26 |
|
|
|
|
222953
|
9.1 |
CRITICAL
Network
|
suricata-ids
|
suricata
|
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-15699
|
2024-11-21 13:29 |
2019-09-25 |
|
|
|
|
222954
|
4.9 |
MEDIUM
Network
|
grafana
|
grafana
|
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and …
|
CWE-319 Cleartext Transmission of Sensitive Information
CWE-522 Insufficiently Protected Credentials
|
CVE-2019-15635
|
2024-11-21 13:29 |
2019-09-24 |
|
|
|
|
222955
|
8.8 |
HIGH
Network
|
valvesoftware
|
counter-strike\
|
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this serve…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-15943
|
2024-11-21 13:29 |
2019-09-19 |
|
|
|
|
222956
|
7.4 |
HIGH
Network
|
mi
|
xiaomi_millet_firmware
|
A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or maliciou…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15843
|
2024-11-21 13:29 |
2019-09-19 |
|
|
|
|
222957
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
|
CWE-863
Incorrect Authorization
|
CVE-2019-15729
|
2024-11-21 13:29 |
2019-09-18 |
|
|
|
|
222958
|
9.8 |
CRITICAL
Network
|
gitlab
|
omnibus
|
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation.
|
NVD-CWE-noinfo
|
CVE-2019-15741
|
2024-11-21 13:29 |
2019-09-17 |
|
|
|
|
222959
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
|
CWE-200
Information Exposure
|
CVE-2019-15740
|
2024-11-21 13:29 |
2019-09-17 |
|
|
|
|
222960
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15739
|
2024-11-21 13:29 |
2019-09-17 |
|
|
|