Gitlab Exploits

479 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-11580 GITLAB CRITICAL
Atlassian Crowd 2.1.0-3.4.3 - Remote Code Execution via pdkinstall Plugin
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
by zeroauth
CVSS 9.8
CVE-2019-7304 GITLAB CRITICAL
Canonical snapd <2.37.1 - Command Injection
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
by initstring
CVSS 9.8
CVE-2019-6225 GITLAB HIGH
iPhone OS < 12.1.3 - Memory Corruption via Improved Validation
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
by devpixel12
CVSS 7.8
CVE-2019-16398 GITLAB MEDIUM
Keeper K5 <20.1.0.25-20.1.0.63 - RCE
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
by crypt0crc
CVSS 6.8
CVE-2019-16518 GITLAB MEDIUM
Vandy Vape Swell Kit Mod Firmware - Unintended Temperature Control via Bluetooth Low Energy Packets
An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.
by crypt0crc
CVSS 4.3
CVE-2019-6447 GITLAB HIGH
ES File Explorer File Manager < 4.1.9.7.4 - Unauthenticated Arbitrary File Read via TCP Port 59777
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
by Intek13x
CVSS 8.1
CVE-2019-2107 GITLAB HIGH
Android 7.0-9 - Out-of-bounds Write in ihevcd_parse_pps
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844.
by atm98
CVSS 8.8
CVE-2019-11932 GITLAB HIGH
WhatsApp < 2.19.244 - Remote Code Execution via GIF Image Parsing
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
by gavz
CVSS 8.8
CVE-2019-11933 GITLAB CRITICAL
WhatsApp for Android <2.19.291 - Buffer Overflow
A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.
by gavz
CVSS 9.8
CVE-2019-18651 GITLAB MEDIUM
3xLogic Infinias Access Control <=6.6.9586.0 - CSRF
A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.
by crypt0crc
CVSS 6.5
CVE-2019-11931 GITLAB HIGH
WhatsApp <2.19.274 - Buffer Overflow
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
by gavz
CVSS 7.8
CVE-2019-0708 GITLAB CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by ntkernel
CVSS 9.8
CVE-2019-2215 GITLAB HIGH
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
by ntkernel
CVSS 7.8
CVE-2019-11687 GITLAB HIGH
NEMA DICOM Standard 1995-2019b - Code Injection
An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems, including Portable Executable (PE) files for Windows and Executable and Linkable Format (ELF) files for Linux-based systems. This space is left unspecified so that dual-purpose files can be created. For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging applications in medicine. This design flaw enables system-wide compromise as malicious DICOM files are routinely shared between medical devices and hospital systems and transported via removable media for patient care coordination. To exploit this vulnerability, someone must execute the maliciously crafted file. These files can be executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. DICOM files exist on systems that process protected health information, and successful exploitation could result in violations of regulatory compliance requirements such as HIPAA and FDA postmarket obligations.
by kosmokat
CVSS 7.8
CVE-2019-0567 GITLAB HIGH
ChakraCore - Remote Code Execution via Memory Corruption in Scripting Engine
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
by samyuktha_p
CVSS 7.5
CVE-2019-19649 GITLAB CRITICAL
Zoho ManageEngine Applications Manager <13620 - SQL Injection
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
by eLeN3Re
CVSS 9.8
CVE-2019-19650 GITLAB HIGH
Zoho ManageEngine Applications Manager <13640 - SQL Injection
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.
by eLeN3Re
CVSS 8.8
CVE-2019-0708 GITLAB CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by alessio_
CVSS 9.8
CVE-2019-18652 GITLAB MEDIUM
WatchGuard XMT515 Firmware < 12.3 - DOM-Based Cross-Site Scripting via Crafted Link
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).
by crypt0crc
CVSS 6.1
CVE-2019-19781 GITLAB CRITICAL
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by bontchev
1 stars
CVSS 9.8
CVE-2019-19800 GITLAB MEDIUM
Zoho ManageEngine Applications Manager 14 < 14520 - Unauthenticated OS File Name Disclosure via FailOverHelperServlet
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
by eLeN3Re
CVSS 5.3
CVE-2019-19799 GITLAB MEDIUM
ManageEngine Applications Manager < 14600 - Unauthenticated Information Disclosure via WieldFeedServlet
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
by eLeN3Re
CVSS 5.3
CVE-2019-11043 GITLAB HIGH
PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11 - Remote Code Execution via FPM Buffer Overflow
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by yangsec888
CVSS 8.7
CVE-2019-15126 GITLAB LOW
Apple Ipados < 13.2 - TOCTOU Race Condition
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
by jamieoglindsey0
CVSS 3.1
CVE-2019-16098 GITLAB HIGH
Micro-Star MSI Afterburner 4.6.2.15658 - Privilege Escalation
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
by gavz
CVSS 7.8
By Source
All 479 Writeup 62,194 Exploitdb 50,076 Nomisec 22,389 Github 3,603 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,561 ruby 6,002 c 3,626 perl 2,849 html 2,075 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25