Security Vulnerabilities - CVEs Published In 2019
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
CVSS Score
8.8
EPSS Score
0.034
Published
2019-12-18
An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data being copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability.
CVSS Score
5.3
EPSS Score
0.007
Published
2019-12-18
An improper access control vulnerability exists in GitLab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user to use Git clone and pull if they had obtained a CI/CD token before.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-12-18
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-12-18
A path traversal exists in all versions of statics-server that allows an attacker to perform a path traversal when a symlink is used within the working directory.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-12-18
A code injection exists in node-df v0.1.4 that can allow an attacker to achieve remote code execution through unsanitized input.
CVSS Score
9.8
EPSS Score
0.025
Published
2019-12-18
A code injection exists in treekill on Windows which allows remote code execution when an attacker is able to control the input into the command.
CVSS Score
9.8
EPSS Score
0.038
Published
2019-12-18
A code injection exists in tree-kill on Windows which allows remote code execution when an attacker is able to control the input into the command.
CVSS Score
9.8
EPSS Score
0.025
Published
2019-12-18
A path traversal exists in http_server which allows an attacker to read arbitrary system files.
CVSS Score
7.5
EPSS Score
0.015
Published
2019-12-18
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending a crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-12-18

