Export limit exceeded: 361808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15590 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration | ||||
| CVE-2019-15589 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. | ||||
| CVE-2019-15588 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 7.2 High |
| There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability. | ||||
| CVE-2019-15587 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.4 Medium |
| In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | ||||
| CVE-2019-15586 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | ||||
| CVE-2019-15585 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.8 Critical |
| Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. | ||||
| CVE-2019-15584 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. | ||||
| CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | ||||
| CVE-2019-15582 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. | ||||
| CVE-2019-15581 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | ||||
| CVE-2019-15580 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. | ||||
| CVE-2019-15579 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | ||||
| CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | ||||
| CVE-2019-15577 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. | ||||
| CVE-2019-15576 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. | ||||
| CVE-2019-15575 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope. | ||||
| CVE-2019-15574 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | N/A |
| Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. | ||||
| CVE-2019-15573 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | N/A |
| Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. | ||||
| CVE-2019-15572 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | N/A |
| Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. | ||||
| CVE-2019-15571 | 1 Clonos Project | 1 Clonos | 2024-11-21 | N/A |
| The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. | ||||