CVE-2019-5946
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
Source: CVE-2019-5946
[월:] 2019년 05월
CVE-2019-5947
CVE-2019-5947
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application ‘Cabinet’.
Source: CVE-2019-5947
CVE-2019-5957
CVE-2019-5957
Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Source: CVE-2019-5957
CVE-2019-6781
CVE-2019-6781
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
Source: CVE-2019-6781
CVE-2019-5944
CVE-2019-5944
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application ‘Address’ without modify privileges via the application ‘Address’.
Source: CVE-2019-5944
CVE-2019-5953
CVE-2019-5953
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
Source: CVE-2019-5953
CVE-2019-5954
CVE-2019-5954
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user’s registered information via unspecified vectors.
Source: CVE-2019-5954
CVE-2019-6787
CVE-2019-6787
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.
Source: CVE-2019-6787
CVE-2019-5936
CVE-2019-5936
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application ‘Work Flow’.
Source: CVE-2019-5936
CVE-2019-5940
CVE-2019-5940
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application ‘Scheduler’.
Source: CVE-2019-5940