CVE-2019-4147
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
Source: CVE-2019-4147
CVE-2019-5481
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Source: CVE-2019-5481
CVE-2019-5482
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Source: CVE-2019-5482
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim’s account on a previously visited web site, because do_popupregister can be bypassed via clickjacking.
Source: CVE-2019-16371
CVE-2019-15741
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
Source: CVE-2019-15741
CVE-2019-16370
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
Source: CVE-2019-16370
CVE-2019-15740
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
Source: CVE-2019-15740
CVE-2019-15737
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
Source: CVE-2019-15737
CVE-2019-15736
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
Source: CVE-2019-15736