|
223751
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2019-19088
|
2024-11-21 13:34 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223752
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19087
|
2024-11-21 13:34 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223753
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19086
|
2024-11-21 13:34 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223754
|
6.5 |
MEDIUM
Adjacent
|
huawei
|
p30_firmware
|
HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit t…
|
NVD-CWE-noinfo
|
CVE-2019-19441
|
2024-11-21 13:34 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223755
|
8.1 |
HIGH
Network
|
xmlblueprint
|
xmlblueprint
|
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vect…
|
CWE-611
XXE
|
CVE-2019-19032
|
2024-11-21 13:34 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223756
|
8.1 |
HIGH
Network
|
edit-xml
|
easy_xml_editor
|
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: S…
|
CWE-611
XXE
|
CVE-2019-19031
|
2024-11-21 13:34 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223757
|
7.8 |
HIGH
Local
|
tinywall
|
tinywall
|
Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and inc…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-19470
|
2024-11-21 13:34 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223758
|
5.4 |
MEDIUM
Network
|
jetbrains
|
ktor
|
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
|
CWE-74
Injection
|
CVE-2019-19389
|
2024-11-21 13:34 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223759
|
9.8 |
CRITICAL
Network
|
huawei
|
m5_lite_10_firmware
|
M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify th…
|
CWE-20
Improper Input Validation
|
CVE-2019-19398
|
2024-11-21 13:34 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223760
|
5.4 |
MEDIUM
Network
|
cridio
|
listingpro
|
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19542
|
2024-11-21 13:34 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
