1048 matches found
CVE-2018-20232
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be...
Cross site scripting
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be...
Arbitrary Code Execution
openvswitch is vulnerable to arbitrary code execution. A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory...
SugarCRM (addLabels) PHP Code Injection Vulnerability
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...
Nmap Web Dashboard and Reporting: WebMap
Features: Import and parse Nmap XML files; Statistics and Charts on discovered services, ports, OS, etc…; Inspect a single host by clicking on its IP address; Attach labels on a host; Insert notes for a specific host; Create a PDF Report with charts, details, labels and notes; Copy to clipboard as Nikto...
Netwide Assembler Null Pointer Dereference Vulnerability (CNVD-2019-05119)
Netwide Assembler (NASM) is a Linux-based assembler that creates binaries and writes bootloaders. A null pointer dereference vulnerability exists in the 'findlabel' function of the asm/labels.c file in NASM version 2.14rc15, which can be exploited by an attacker to cause a denial of service null...
GitLab: Add and Access to Labels of any Private Projects/Groups of Gitlab (IDOR)
Summary & Description: If you have a private project or private group then no non member should be able to access any information. But Adding Labels in your Private boards API request is vulnerable to IDOR attack which is leading to add private group/project labels and access it. Vulnerable Reque...
DEBIAN-CVE-2018-19209
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function findlabel in asm/labels.c that will lead to a DoS attack...
UBUNTU-CVE-2018-19209
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function findlabel in asm/labels.c that will lead to a DoS attack...
Important: Red Hat Security Advisory: Red Hat OpenShift Container Platform 3.10 security and bug fix update
Red Hat OpenShift Container Platform release 3.10.66 is now available with updates to packages and images that fix several security, bug, and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base...
GHSA-FWX5-5FQJ-JV98 Cross-Site Scripting in morris.js
Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script will run o...
Cross-Site Scripting in morris.js
Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script will run o...
Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018-071
This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label. The module doesn't sufficiently check access before displaying entity label...
Netwide Assembler Null Pointer Dereference Vulnerability
Netwide Assembler (NASM) is a Linux-based assembler that creates binaries and writes bootloaders. A null pointer dereference vulnerability exists in the asm/labels.c file in NASM, which can be exploited to cause a denial of service null pointer backreference with the help of a specially crafted fil...
CVE-2018-16517
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file...
DRUPAL-CONTRIB-2018-059
This module enables you to create fields for storing decimal values as two integers (numerator and denominator) for maximum precision. The module doesn't sufficiently filter XSS strings out of field labels. This vulnerability is mitigated by the fact that an attacker must have a role with the abili...
Fraction - Less critical - XSS vulnerability - SA-CONTRIB-2018-059
This module enables you to create fields for storing decimal values as two integers (numerator and denominator) for maximum precision. The module doesn't sufficiently filter XSS strings out of field labels. This vulnerability is mitigated by the fact that an attacker must have a role with the abili...
CVE-2017-16022
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded...
Octopus Deploy Security Restriction Bypass Vulnerability
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions prior to 2018.4.7, which stems from the program's failure to check variable scopes for target and tenant labels against a list of tenan...
Fedora 26 : ckeditor (2018-1361f39801)
4.9.2 https://ckeditor.com/cke4/release/CKEditor-4.9.2 Security Updates - Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein. - Issue summary: It was possible to execute XSS inside CKEditor using the tag and specially crafted HTML. Please note that the default...