|
222221
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.
|
CWE-862
Missing Authorization
|
CVE-2019-15723
|
2024-11-21 13:29 |
2019-09-17 |
|
222222
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-15722
|
2024-11-21 13:29 |
2019-09-17 |
|
222223
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-15721
|
2024-11-21 13:29 |
2019-09-17 |
|
222224
|
6.1 |
MEDIUM
Network
|
redmineup
|
crm
|
The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15950
|
2024-11-21 13:29 |
2019-09-17 |
|
222225
|
9.8 |
CRITICAL
Network
|
dlink
|
dns-320_firmware
|
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
|
CWE-78
OS Command
|
CVE-2019-16057
|
2024-11-21 13:29 |
2019-09-16 |
|
222226
|
9.8 |
CRITICAL
Network
|
lifterlms
|
lifterlms
|
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulner…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15896
|
2024-11-21 13:29 |
2019-09-11 |
|
222227
|
7.5 |
HIGH
Network
|
search_exclude_project
|
search_exclude
|
search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15895
|
2024-11-21 13:29 |
2019-09-09 |
|
222228
|
7.5 |
HIGH
Network
|
digium
|
asterisk
|
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
|
CWE-20
Improper Input Validation
|
CVE-2019-15639
|
2024-11-21 13:29 |
2019-09-09 |
|
222229
|
9.8 |
CRITICAL
Network
|
airbrake
|
airbrake_ruby
|
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 an…
|
NVD-CWE-noinfo
|
CVE-2019-16060
|
2024-11-21 13:29 |
2019-09-07 |
|
222230
|
8.8 |
HIGH
Network
|
sapplica
|
sentrifugo
|
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.
|
CWE-352
Origin Validation Error
|
CVE-2019-16059
|
2024-11-21 13:29 |
2019-09-07 |