15 matches found
MiracleLinux 7 : rh-postgresql95-postgresql-9.5.9-4.el7 (AXSA:2017-2468:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2468:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...
MAL-2024-10381 Malicious code in @isfe-common/testing-utils (npm)
Source: ossf-package-analysis b0513243009fb3882d731746421fa3effe8a4a86c8cef4d5d6053c63059a4b0e The OpenSSF Package Analysis project identified '@isfe-common/testing-utils' @ 9.5.9 npm as malicious. It is considered malicious because: - The...
Mattermost Server 9.5.x < 9.5.9 / 9.10.x < 9.10.2 / 9.11.x < 9.11.1 Multiple Vulnerabilities
The version of Mattermost Server installed on the remote host is prior to 9.5.9, 9.10.2, or 9.11.1. It is, therefore, affected by multiple vulnerabilities. - Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for...
Mattermost Server 9.5.x < 9.5.9 (MMSA-2024-00358)
The version of Mattermost Server installed on the remote host is prior to 9.5.9. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00358 advisory. - Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels i...
Security fix for the ALT Linux 9 package glpi version 9.5.9-alt1
9.5.9-alt1 built Sept. 23, 2022 Pavel Zilke in task 307140 Sept. 14, 2022 Pavel Zilke - New version 9.5.9 - This release fixes several critical security issues that have been recently discovered. Update is strongly recommended! - Security fixes: + CVE-2022-35945 : XSS through registration API +...
GitLab Cross-Site Scripting Vulnerability (CNVD-2020-27233)
GitLab is a self-hosted Git repository management application developed in Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in the Admin...
UBUNTU-CVE-2020-12276
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature...
CVE-2020-12276
Removed by vendor...
PT-2020-13089 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 9.5.9 through 12.9 Description: The issue concerns a stored XSS vulnerability in an admin notification feature. This allows for malicious code to be stored and executed when the notification is viewed by an administrator...
CVE-2018-1481
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763...
CVE-2018-1485
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 140970...
CVE-2018-1476
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 140757...
CVE-2018-1478
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly laun...
CVE-2017-1231
CVE-2017-1231 affects IBM BigFix Platform 9.5 (9.5.0 to 9.5.9). The root cause is storing user credentials in plaintext on the server, allowing a local attacker to read them. Public references from NVD/CNVD/Nessus indicate an information-disclosure vulnerability with high impact when exposed loca...
Code execution vulnerability in the backend of phpcms v9.5.9 and prior versions
PHPCMS is a web content management system based on a PHP and MySQL architecture. The system includes modules such as news, pictures, downloads, information and products. A code execution vulnerability exists in the backend of phpcms v9.5.9 and earlier versions. It allows attackers to perform...