|
211371
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-9176
|
2024-11-21 13:51 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211372
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).
|
CWE-200
Information Exposure
|
CVE-2019-9175
|
2024-11-21 13:51 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211373
|
10.0 |
CRITICAL
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-9174
|
2024-11-21 13:51 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211374
|
5.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).
|
NVD-CWE-noinfo
|
CVE-2019-9172
|
2024-11-21 13:51 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211375
|
3.7 |
LOW
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).
|
CWE-862
Missing Authorization
|
CVE-2019-9171
|
2024-11-21 13:51 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211376
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-9170
|
2024-11-21 13:51 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211377
|
8.1 |
HIGH
Network
|
w1.fi
fedoraproject
opensuse
debian
synology
freebsd
|
hostapd
wpa_supplicant
fedora
leap
backports_sle
debian_linux
router_manager
radius_server
freebsd
|
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-p…
|
CWE-287
Improper Authentication
|
CVE-2019-9499
|
2024-11-21 13:51 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211378
|
8.1 |
HIGH
Network
|
w1.fi
fedoraproject
opensuse
debian
synology
freebsd
|
hostapd
wpa_supplicant
fedora
leap
backports_sle
debian_linux
router_manager
radius_server
freebsd
|
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Co…
|
CWE-287
Improper Authentication
|
CVE-2019-9498
|
2024-11-21 13:51 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211379
|
8.1 |
HIGH
Network
|
w1.fi
fedoraproject
|
hostapd
wpa_supplicant
fedora
|
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete …
|
CWE-287
Improper Authentication
|
CVE-2019-9497
|
2024-11-21 13:51 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211380
|
7.5 |
HIGH
Network
|
w1.fi
fedoraproject
|
hostapd
wpa_supplicant
fedora
|
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version o…
|
CWE-287
Improper Authentication
|
CVE-2019-9496
|
2024-11-21 13:51 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
