4391 matches found
Critical Bug in Android Antivirus Exposes Address Books
A slew of popular free Android antivirus apps in recent testing proved to have security holes and privacy issues – including a critical vulnerability that exposes user’s address books, and another serious flaw that enables attackers to turn off antivirus protection entirely. According to an...
Real Estate 7 < 2.9.1 - Stored XSS & IDOR
The 'Real Estate 7' premium WordPress theme is vulnerable to persistent XSS injection that allows an attacker to inject JavaScript or HTML code into the website front-end. There is also an Insecure Direct Object Reference issue, allowing unauthorized users to edit listings they should not have...
CVE-2018-19584
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...
CVE-2018-19584
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...
CVE-2018-19582
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...
CVE-2018-19581
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...
CVE-2018-19582
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...
CVE-2018-19578
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
CVE-2018-19581
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...
CVE-2018-19578
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
Deserialization of untrusted data
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...
Design/Logic Flaw
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
Design/Logic Flaw
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...
CVE-2018-19582
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...
CVE-2018-19581
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...
CVE-2018-19578
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
CVE-2018-19584
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...
Design/Logic Flaw
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...
CVE-2018-19578
GitLab EE 11.5 before 11.5.1 is vulnerable to an insecure object reference that allows a user with Reporter privileges to view the Jaeger Tracing Operations page. Root cause: improper access control on the Jaeger operations page. Impact: exposure of tracing page content to users with limited perm...
CVE-2018-19578
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...