| 212321 | 9.8 | CRITICAL Network | tldp | advanced_bash-scripting_guide | The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, v… | CWE-94 Code Injection | CVE-2019-9891 | 2024-11-21 13:52 | 2019-06-1 |
| 212322 | 8.8 | HIGH Network | sitecore | cms | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parame… | CWE-502 Deserialization of Untrusted Data | CVE-2019-9875 | 2024-11-21 13:52 | 2019-06-1 |
| 212323 | 9.8 | CRITICAL Network | sitecore | experience_platform cms | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrar… | CWE-502 Deserialization of Untrusted Data | CVE-2019-9874 | 2024-11-21 13:52 | 2019-06-1 |
| 212324 | 9.8 | CRITICAL Network | jector | fm-k75_firmware | Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission. | CWE-306 Missing Authentication for Critical Function | CVE-2019-9871 | 2024-11-21 13:52 | 2019-06-1 |
| 212325 | 7.1 | HIGH Network | logicaldoc | logicaldoc | LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry. | CWE-22 Path Traversal | CVE-2019-9723 | 2024-11-21 13:52 | 2019-05-31 |
| 212326 | 9.8 | CRITICAL Network | synacor | zimbra_collaboration_suite | mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | CWE-611 XXE | CVE-2019-9670 | 2024-11-21 13:52 | 2019-05-30 |
| 212327 | 6.5 | MEDIUM Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. | CWE-200 Information Exposure | CVE-2019-9866 | 2024-11-21 13:52 | 2019-05-30 |
| 212328 | 8.1 | HIGH Network | windriver | vxworks | When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to… | CWE-190 Integer Overflow or Wraparound | CVE-2019-9865 | 2024-11-21 13:52 | 2019-05-30 |
| 212329 | 9.8 | CRITICAL Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. | NVD-CWE-noinfo | CVE-2019-9732 | 2024-11-21 13:52 | 2019-05-30 |
| 212330 | 8.8 | HIGH Network | horde debian | groupware debian_linux | Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image m… | CWE-22 Path Traversal | CVE-2019-9858 | 2024-11-21 13:52 | 2019-05-30 |