|
223421
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.
|
CWE-200
Information Exposure
|
CVE-2019-18461
|
2024-11-21 13:33 |
2019-11-27 |
|
223422
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
|
CWE-200
Information Exposure
|
CVE-2019-18460
|
2024-11-21 13:33 |
2019-11-27 |
|
223423
|
9.8 |
CRITICAL
Network
|
broadcom
|
symantec_critical_system_protection
|
Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat …
|
CWE-287
Improper Authentication
|
CVE-2019-18374
|
2024-11-21 13:33 |
2019-11-26 |
|
223424
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-18675
|
2024-11-21 13:33 |
2019-11-25 |
|
223425
|
6.8 |
MEDIUM
Physical
|
hp
|
thinpro
|
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
|
CWE-78
OS Command
|
CVE-2019-18910
|
2024-11-21 13:33 |
2019-11-23 |
|
223426
|
8.0 |
HIGH
Adjacent
|
hp
|
thinpro
|
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
|
CWE-78
OS Command
|
CVE-2019-18909
|
2024-11-21 13:33 |
2019-11-23 |
|
223427
|
9.8 |
CRITICAL
Network
|
phpmyadmin opensuse fedoraproject
|
phpmyadmin leap fedora backports_sle
|
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
|
CWE-89
SQL Injection
|
CVE-2019-18622
|
2024-11-21 13:33 |
2019-11-23 |
|
223428
|
8.8 |
HIGH
Network
|
digium debian
|
certified_asterisk asterisk debian_linux
|
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user withou…
|
CWE-862
Missing Authorization
|
CVE-2019-18610
|
2024-11-21 13:33 |
2019-11-23 |
|
223429
|
7.5 |
HIGH
Network
|
digium debian
|
certified_asterisk asterisk debian_linux
|
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-18976
|
2024-11-21 13:33 |
2019-11-23 |
|
223430
|
6.5 |
MEDIUM
Network
|
digium debian
|
certified_asterisk asterisk debian_linux
|
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sen…
|
CWE-862
Missing Authorization
|
CVE-2019-18790
|
2024-11-21 13:33 |
2019-11-23 |