Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15593PUBLISHED: 2019-11-22GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-16285PUBLISHED: 2019-11-22If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-16286PUBLISHED: 2019-11-22An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
CVE-2019-16287PUBLISHED: 2019-11-22An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.
CVE-2019-18909PUBLISHED: 2019-11-22The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
1 Comments
Tweet This