CVE-2019-18454
An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS...
CVE-2019-18462
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions...
CVE-2019-15967
The CVE-2019-15967 issue affects Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software. A vulnerability in the CLI allows an authenticated, local attacker to enable audio recording without user notification by exploiting unnecessary debug commands and gaining unrestricted acces...
Multiple Cisco Products CVE-2019-15967 Local Security Bypass Vulnerability
Description: Multiple Cisco Products are prone to a local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCvq29891. Technologi...
CVE-2012-0694
CVE-2012-0694 affects SugarCRM Community Edition
CentOS 7 : runc
An update for runc is now available for CentOS 7 Extras. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could...
CVE-2019-15962
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
CVE-2019-15273
Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...
Design/Logic Flaw
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
CVE-2019-15962
CVE-2019-15962 describes a local arbitrary file write vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software. The root cause is improper permission assignment in the CLI, allowing an authenticated, local attacker to log in as the remotesupport user and write files to the /root d...
CVE-2019-15277
The CVE-2019-15277 issue affects Cisco TelePresence Collaboration Endpoint Software (CE). It is a local privilege-escalation vulnerability in the CLI where an authenticated attacker can gain root privileges due to insufficient input validation. Exploitation requires authenticating as the remote s...
CVE-2019-15274
CVE-2019-15274 affects Cisco TelePresence Collaboration Endpoint (CE) Software. The vulnerability is in the CLI where insufficient input validation allows an authenticated, local attacker (with administrative access in the restricted shell) to submit crafted input to a specific command, enabling ...
Cisco TelePresence CE Software CVE-2019-15274 Local Command Injection Vulnerability
Description: Cisco TelePresence CE Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands. This issue is being tracked by Cisco Bug ID CSCvq29893. Technologies Affected: Cisco TelePresence CE Software 8.0.0 Cisco...
CVE-2019-16344
A cross-site scripting (XSS) vulnerability in the login form /ScadaBR/login.htm in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter...
CVE-2019-16891
CVE-2019-16891 affects Liferay Portal CE 6.2.5 (and related CVE mappings) and is described as remote command execution caused by deserialization of a JSON payload. The connected records corroborate deserialization-based RCE for Liferay Portal CE 6.2.5, with CVSS metrics indicating a high/severe i...
CVE-2019-16891
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload...
DEBIAN-CVE-2019-16884
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...
Cisco RoomOS Software License Issues Vulnerability
Cisco RoomOS Software is a set of automatic management software for Cisco devices from the US company Cisco. The software is mainly used to upgrade and manage the motherboard firmware of Cisco devices. An authorization issue vulnerability exists in versions of Cisco RoomOS Software prior...
CVE-2019-5463
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
Design/Logic Flaw
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...