|
223761
|
3.3 |
LOW
Local
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect…
|
CWE-665
Improper Initialization
|
CVE-2019-15875
|
2024-11-21 13:29 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223762
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
|
NVD-CWE-noinfo
|
CVE-2019-15594
|
2024-11-21 13:29 |
2020-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223763
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.
|
NVD-CWE-noinfo
|
CVE-2019-15592
|
2024-11-21 13:29 |
2020-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223764
|
9.8 |
CRITICAL
Network
|
nodejs
oracle
debian
redhat
opensuse
|
node.js
graalvm
communications_cloud_native_core_network_function_cloud_native_environment
debian_linux
enterprise_linux
enterprise_linux_eus
leap
|
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
|
NVD-CWE-Other
|
CVE-2019-15606
|
2024-11-21 13:29 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223765
|
9.8 |
CRITICAL
Network
|
nodejs
debian
fedoraproject
opensuse
redhat
oracle
|
node.js
debian_linux
fedora
leap
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
software_collections
enterprise_linux
enterprise_linux_server…
|
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-15605
|
2024-11-21 13:29 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223766
|
7.5 |
HIGH
Network
|
nodejs
debian
opensuse
redhat
oracle
|
node.js
debian_linux
leap
software_collections
enterprise_linux_eus
enterprise_linux_server_tus
enterprise_linux_server_aus
enterprise_linux
graalvm
communications_cloud_na…
|
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
|
CWE-295
Improper Certificate Validation
|
CVE-2019-15604
|
2024-11-21 13:29 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223767
|
7.8 |
HIGH
Local
|
fortinet
|
forticlient
|
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportL…
|
NVD-CWE-noinfo
|
CVE-2019-15711
|
2024-11-21 13:29 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223768
|
4.9 |
MEDIUM
Network
|
nextcloud
opensuse
suse
|
nextcloud_server
backports
suse_linux_enterprise_server
|
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
|
CWE-20
Improper Input Validation
|
CVE-2019-15624
|
2024-11-21 13:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223769
|
5.3 |
MEDIUM
Network
|
nextcloud
suse
opensuse
|
nextcloud_server
package_hub
backports_sle
|
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disable…
|
NVD-CWE-noinfo
|
CVE-2019-15623
|
2024-11-21 13:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223770
|
2.4 |
LOW
Physics
|
nextcloud
|
nextcloud
|
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.
|
CWE-89
SQL Injection
|
CVE-2019-15622
|
2024-11-21 13:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
