| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification. |
| A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. |
| An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. |
| An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. |
| An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization. |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. |
| GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. |
| A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. |
| XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. |
| www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. |
| mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. |
| A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code. |
| An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. |
