|
218991
|
9.8 |
CRITICAL
Network
|
rubyonrails
debian
fedoraproject
|
rails
debian_linux
fedora
|
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can …
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2019-5420
|
2024-11-21 13:44 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218992
|
7.5 |
HIGH
Network
|
rubyonrails
debian
redhat
opensuse
fedoraproject
|
rails
debian_linux
software_collections
cloudforms
leap
fedora
|
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-5419
|
2024-11-21 13:44 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218993
|
7.5 |
HIGH
Network
|
rubyonrails
debian
redhat
opensuse
fedoraproject
|
rails
debian_linux
cloudforms
leap
fedora
software_collections
|
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the targ…
|
NVD-CWE-noinfo
|
CVE-2019-5418
|
2024-11-21 13:44 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218994
|
7.5 |
HIGH
Network
|
zeit
|
serve
|
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
|
CWE-22
Path Traversal
|
CVE-2019-5417
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218995
|
7.5 |
HIGH
Network
|
localhost-now_project
|
localhost-now
|
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
|
CWE-22
Path Traversal
|
CVE-2019-5416
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218996
|
7.5 |
HIGH
Network
|
zeit
|
serve
|
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
|
CWE-269
Improper Privilege Management
|
CVE-2019-5415
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218997
|
8.1 |
HIGH
Network
|
kill-port_project
|
kill-port
|
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
|
CWE-78
OS Command
|
CVE-2019-5414
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218998
|
9.8 |
CRITICAL
Network
|
morgan_project
|
morgan
|
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
|
CWE-77
Command Injection
|
CVE-2019-5413
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218999
|
5.5 |
MEDIUM
Local
|
macpaw
|
cleanmymac_x
|
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon up…
|
CWE-459
Incomplete Cleanup
|
CVE-2019-5011
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219000
|
7.8 |
HIGH
Local
|
pixar
|
renderman
|
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their…
|
NVD-CWE-noinfo
|
CVE-2019-5015
|
2024-11-21 13:44 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
