Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2019
CVE-2019-5463
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-09-09
CVE-2019-5467
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-09-09
CVE-2019-5471
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-09-09
CVE-2019-5473
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
CVSS Score
7.2
EPSS Score
0.002
Published
2019-09-09
CVE-2019-5461
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVSS Score
3.5
EPSS Score
0.001
Published
2019-09-09
CVE-2019-5483
Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-09-09
CVE-2019-12405
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.
CVSS Score
9.8
EPSS Score
0.012
Published
2019-09-09
CVE-2019-16161
Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-09
CVE-2019-16162
Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-09
CVE-2019-16163
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved