| 222201 | 4.9 | MEDIUM | Network | grafana | grafana | An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and … | CWE-319 Cleartext Transmission of Sensitive Information; CWE-522 Insufficiently Protected Credentials | CVE-2019-15635 | 2024-11-21 13:29 | 2019-09-24 |
| 222202 | 8.8 | HIGH | Network | valvesoftware | counter-strike\ | vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this serve… | CWE-787 Out-of-bounds Write | CVE-2019-15943 | 2024-11-21 13:29 | 2019-09-19 |
| 222203 | 7.4 | HIGH | Network | mi | xiaomi_millet_firmware | A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or maliciou… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-15843 | 2024-11-21 13:29 | 2019-09-19 |
| 222204 | 7.5 | HIGH | Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. | CWE-863 Incorrect Authorization | CVE-2019-15729 | 2024-11-21 13:29 | 2019-09-18 |
| 222205 | 9.8 | CRITICAL | Network | gitlab | omnibus | An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation. | NVD-CWE-noinfo | CVE-2019-15741 | 2024-11-21 13:29 | 2019-09-17 |
| 222206 | 5.3 | MEDIUM | Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | CWE-200 Information Exposure | CVE-2019-15740 | 2024-11-21 13:29 | 2019-09-17 |
| 222207 | 6.1 | MEDIUM | Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. | CWE-79 Cross-site Scripting | CVE-2019-15739 | 2024-11-21 13:29 | 2019-09-17 |
| 222208 | 5.3 | MEDIUM | Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. | CWE-200 Information Exposure | CVE-2019-15738 | 2024-11-21 13:29 | 2019-09-17 |
| 222209 | 6.5 | MEDIUM | Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | NVD-CWE-noinfo | CVE-2019-15737 | 2024-11-21 13:29 | 2019-09-17 |
| 222210 | 7.5 | HIGH | Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2019-15736 | 2024-11-21 13:29 | 2019-09-17 |