|
211201
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
|
NVD-CWE-noinfo
|
CVE-2019-9732
|
2024-11-21 13:52 |
2019-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211202
|
8.8 |
HIGH
Network
|
horde
debian
|
groupware
debian_linux
|
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image m…
|
CWE-22
Path Traversal
|
CVE-2019-9858
|
2024-11-21 13:52 |
2019-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211203
|
8.8 |
HIGH
Network
|
westerndigital
|
my_cloud_firmware
my_cloud_mirror_gen2_firmware
my_cloud_ex2_ultra_firmware
my_cloud_ex2100_firmware
my_cloud_ex4100_firmware
my_cloud_dl2100_firmware
my_cloud_dl4100_firmware
my…
|
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privi…
|
CWE-59
Link Following
|
CVE-2019-9949
|
2024-11-21 13:52 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211204
|
6.5 |
MEDIUM
Network
|
otrs
debian
|
otrs
debian_linux
|
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permi…
|
CWE-91
Blind XPath Injection
|
CVE-2019-9892
|
2024-11-21 13:52 |
2019-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211205
|
8.1 |
HIGH
Adjacent
|
abus
|
secvest_wireless_alarm_system_fuaa50000_firmware
|
Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate …
|
CWE-310
Cryptographic Issues
|
CVE-2019-9861
|
2024-11-21 13:52 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211206
|
7.5 |
HIGH
Network
|
eq-3
|
ccu3_firmware
|
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vul…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9727
|
2024-11-21 13:52 |
2019-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211207
|
7.5 |
HIGH
Network
|
eq-3
|
ccu3_firmware
|
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited…
|
CWE-22
Path Traversal
|
CVE-2019-9726
|
2024-11-21 13:52 |
2019-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211208
|
7.8 |
HIGH
Local
|
libreoffice
|
libreoffice
|
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the h…
|
CWE-20
Improper Input Validation
|
CVE-2019-9847
|
2024-11-21 13:52 |
2019-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211209
|
5.5 |
MEDIUM
Local
|
symantec
|
antivirus_engine
|
Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system wi…
|
NVD-CWE-noinfo
|
CVE-2019-9698
|
2024-11-21 13:52 |
2019-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211210
|
4.9 |
MEDIUM
Network
|
mahara
|
mahara
|
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out fro…
|
NVD-CWE-noinfo
|
CVE-2019-9708
|
2024-11-21 13:52 |
2019-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
