|
222531
|
5.9 |
MEDIUM
Network
|
mitel
|
sip-dect_firmware
|
An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept s…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-19891
|
2024-11-21 13:35 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222532
|
5.5 |
MEDIUM
Local
|
gonitro
|
nitropdf
|
The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19819
|
2024-11-21 13:35 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222533
|
5.5 |
MEDIUM
Local
|
gonitro
|
nitro_free_pdf_reader
|
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19817
|
2024-11-21 13:35 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222534
|
7.8 |
HIGH
Local
|
kyrol
|
internet_security
|
An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2019-19820
|
2024-11-21 13:35 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222535
|
7.5 |
HIGH
Network
|
python
debian
fedoraproject
canonical
|
pillow
debian_linux
fedora
ubuntu_linux
|
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-19911
|
2024-11-21 13:35 |
2020-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222536
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch int…
|
NVD-CWE-noinfo
|
CVE-2019-19629
|
2024-11-21 13:35 |
2020-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222537
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities u…
|
CWE-22
Path Traversal
|
CVE-2019-19628
|
2024-11-21 13:35 |
2020-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222538
|
7.5 |
HIGH
Network
|
sqlite
canonical
|
sqlite
ubuntu_linux
|
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by …
|
NVD-CWE-Other
|
CVE-2019-19959
|
2024-11-21 13:35 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222539
|
6.0 |
MEDIUM
Local
|
linux
opensuse
|
linux_kernel
leap
|
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read ac…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19927
|
2024-11-21 13:35 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222540
|
5.3 |
MEDIUM
Network
|
mfscripts
|
yetishare
|
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-19806
|
2024-11-21 13:35 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
