| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 223291 | 7.8 | HIGH | Local | kyrol | internet_security | An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution… | CWE-763: Release of Invalid Pointer or Reference | CVE-2019-19820 | 2024-11-21 13:35 | 2020-01-11 |
| 223292 | 7.5 | HIGH | Network | python, debian, fedoraproject, canonical | pillow, debian_linux, fedora, ubuntu_linux | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit … | CWE-190: Integer Overflow or Wraparound | CVE-2019-19911 | 2024-11-21 13:35 | 2020-01-6 |
| 223293 | 7.5 | HIGH | Network | gitlab | gitlab | In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch int… | NVD-CWE-noinfo | CVE-2019-19629 | 2024-11-21 13:35 | 2020-01-6 |
| 223294 | 9.8 | CRITICAL | Network | gitlab | gitlab | In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities u… | CWE-22: Path Traversal | CVE-2019-19628 | 2024-11-21 13:35 | 2020-01-6 |
| 223295 | 7.5 | HIGH | Network | sqlite, canonical | sqlite, ubuntu_linux | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by … | NVD-CWE-Other | CVE-2019-19959 | 2024-11-21 13:35 | 2020-01-4 |
| 223296 | 6.0 | MEDIUM | Local | linux, opensuse | linux_kernel, leap | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read ac… | CWE-125: Out-of-bounds Read | CVE-2019-19927 | 2024-11-21 13:35 | 2019-12-31 |
| 223297 | 5.3 | MEDIUM | Network | mfscripts | yetishare | _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an… | CWE-209: Information Exposure Through an Error Message | CVE-2019-19806 | 2024-11-21 13:35 | 2019-12-31 |
| 223298 | 5.3 | MEDIUM | Network | mfscripts | yetishare | _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provid… | CWE-203: Information Exposure Through Discrepancy | CVE-2019-19805 | 2024-11-21 13:35 | 2019-12-31 |
| 223299 | 7.5 | HIGH | Network | mfscripts | yetishare | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels. | CWE-311: Missing Encryption of Sensitive Data | CVE-2019-19739 | 2024-11-21 13:35 | 2019-12-31 |
| 223300 | 6.1 | MEDIUM | Network | mfscripts | yetishare | log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scri… | CWE-79: Cross-site Scripting | CVE-2019-19738 | 2024-11-21 13:35 | 2019-12-31 |