Total
8186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17671 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | |||||
| CVE-2019-17321 | 1 Clipsoft | 1 Rexpert | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required. | |||||
| CVE-2019-17018 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. | |||||
| CVE-2019-16908 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. | |||||
| CVE-2019-16320 | 1 Cobham | 22 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware, Sailor 800 Vsat and 19 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community. | |||||
| CVE-2019-16285 | 1 Hp | 1 Thinpro Linux | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. | |||||
| CVE-2019-16177 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | |||||
| CVE-2019-16157 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | |||||
| CVE-2019-15902 | 4 Debian, Linux, Netapp and 1 more | 7 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 4 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
| A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | |||||
| CVE-2019-15891 | 1 Cksource | 1 Ckfinder | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. | |||||
| CVE-2019-15859 | 1 Socomec | 2 Diris A-40, Diris A-40 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. | |||||
| CVE-2019-15740 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | |||||
| CVE-2019-15738 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. | |||||
| CVE-2019-15734 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. | |||||
| CVE-2019-15733 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. | |||||
| CVE-2019-15727 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. | |||||
| CVE-2019-15656 | 1 Dlink | 4 Dsl-2875al, Dsl-2875al Firmware, Dsl-2877al and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | |||||
| CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | |||||
| CVE-2019-15580 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. | |||||
| CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | |||||