|
218871
|
6.8 |
MEDIUM
Physics
|
nextcloud
|
nextcloud
|
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5450
|
2024-11-21 13:44 |
2019-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218872
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.
|
CWE-862
Missing Authorization
|
CVE-2019-5449
|
2024-11-21 13:44 |
2019-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218873
|
8.1 |
HIGH
Network
|
yarnpkg
|
yarn
|
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-5448
|
2024-11-21 13:44 |
2019-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218874
|
5.5 |
MEDIUM
Local
|
huawei
|
honor_magic_2_firmware
|
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit cer…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-5222
|
2024-11-21 13:44 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218875
|
5.3 |
MEDIUM
Network
|
http-file-server_project
|
http-file-server
|
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.
|
CWE-22
Path Traversal
|
CVE-2019-5447
|
2024-11-21 13:44 |
2019-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218876
|
7.2 |
HIGH
Network
|
ui
|
edgeswitch_firmware
|
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.
|
CWE-77
Command Injection
|
CVE-2019-5446
|
2024-11-21 13:44 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218877
|
4.9 |
MEDIUM
Network
|
ui
|
edgeswitch_firmware
|
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-5445
|
2024-11-21 13:44 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218878
|
5.3 |
MEDIUM
Network
|
serve-here.js_project
|
serve-here.js
|
Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder.
|
CWE-22
Path Traversal
|
CVE-2019-5444
|
2024-11-21 13:44 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218879
|
6.5 |
MEDIUM
Adjacent
|
huawei
|
mate_20_x_firmware
|
There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successfu…
|
CWE-22
Path Traversal
|
CVE-2019-5221
|
2024-11-21 13:44 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218880
|
4.6 |
MEDIUM
Physics
|
huawei
|
mate_20_x_firmware
mate_20_firmware
honor_magic_2_firmware
|
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step…
|
CWE-863
Incorrect Authorization
|
CVE-2019-5220
|
2024-11-21 13:44 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
