|
220901
|
9.8 |
CRITICAL
Network
|
aspose
|
aspose.pdf_for_c\+\+
|
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized me…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-5067
|
2024-11-21 13:44 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220902
|
9.8 |
CRITICAL
Network
|
aspose
|
aspose.pdf_for_c\+\+
|
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in …
|
CWE-416
Use After Free
|
CVE-2019-5066
|
2024-11-21 13:44 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220903
|
8.8 |
HIGH
Network
|
aspose
|
aspose.pdf_for_c\+\+
|
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resultin…
|
CWE-416
Use After Free
|
CVE-2019-5042
|
2024-11-21 13:44 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220904
|
7.2 |
HIGH
Network
|
arubanetworks
|
arubaos
|
A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A maliciou…
|
CWE-78
OS Command
|
CVE-2019-5315
|
2024-11-21 13:44 |
2019-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220905
|
6.1 |
MEDIUM
Network
|
arubanetworks
|
arubaos
|
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameter…
|
CWE-74
Injection
|
CVE-2019-5314
|
2024-11-21 13:44 |
2019-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220906
|
7.5 |
HIGH
Network
|
netgear
|
wnr2000_firmware
|
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-5055
|
2024-11-21 13:44 |
2019-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220907
|
7.5 |
HIGH
Network
|
netgear
|
wnr2000_firmware
|
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty …
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-5054
|
2024-11-21 13:44 |
2019-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220908
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5471
|
2024-11-21 13:44 |
2019-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220909
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.…
|
CWE-79
Cross-site Scripting
|
CVE-2019-5467
|
2024-11-21 13:44 |
2019-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220910
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.…
|
CWE-200
CWE-862
Information Exposure
Missing Authorization
|
CVE-2019-5463
|
2024-11-21 13:44 |
2019-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
