24 matches found

Tenable Nessus
added 2025/06/04 12:0 a.m., 3 views

Grafana < 10.4.18 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.18, or 11.2.x earlier than 11.2.9, or 11.3.x earlier than 11.3.6, or 11.4.x earlier than 11.4.4, or 11.5.x earlier than 11.5.4, or 11.6.x earlier than 11.6.1. It is, therefore, affected by a...

CVSS 7.6, AI score 6.7, EPSS 0.06888
Exploits 6, References 2

OSV
added 2025/05/22 12:0 a.m., 1 views

OPENSUSE-SU-2025:15145-1 grafana-11.6.1-1.1 on GA media

These are all security issues fixed in the grafana-11.6.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 6.7, EPSS 0.75268
Exploits 3, References 3

0day.today
added 2023/11/14 12:0 a.m., 436 views

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution Exploit

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and yo...

CVSS 9.8, AI score 10, EPSS 0.94426
Exploits 59

Tenable Nessus
added 2023/11/03 12:0 a.m., 21 views

F5 Networks BIG-IP : TMM vulnerability (K25400442)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.2.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K25400442 advisory. - On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and...

CVSS 7.5, AI score 7.4, EPSS 0.00891
Exploits 0, References 2

Patchstack
added 2023/04/06 12:0 a.m., 10 views

WordPress The7 Theme <= 11.6.0 is vulnerable to Cross Site Scripting (XSS)

Software: The7; Type: Theme; Vulnerable versions: <= 11.6.0; Fixed in: 11.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29100; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 24f83da1f799; Credits: Rafie Muhammad Patchstack...

CVSS 7.1, AI score 5.9, EPSS 0.00105
Exploits 0, References 1, Affected Software 1

OSV
added 2022/03/24 12:0 a.m., 23 views

GHSA-HM3X-JWWF-JPR9 Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...

CVSS 4.3, AI score 4.1, EPSS 0.00167
Exploits 0, References 6

Github Security Blog
added 2022/03/24 12:0 a.m., 27 views

Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...

CVSS 4.3, AI score 1.4, EPSS 0.00167
Exploits 0, References 6, Affected Software 1

CNNVD
added 2022/03/23 12:0 a.m., 2 views

openstack-tripleo-heat-templates Information Disclosure Vulnerability

openstack-tripleo-heat-templates is a set of templates and tools for building Heat templates for OpenStack deployment. A security vulnerability exists in openstack-tripleo-heat-templates that stems from the fact that an attacker can exploit this by checking the www_authenticate_uri parameter visibl...

CVSS 4.3, AI score 5.1, EPSS 0.00167
Exploits 0, References 5

Prion
added 2020/08/26 4:15 p.m., 13 views

Cross site request forgery (CSRF)

In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times...

CVSS 3.3, AI score 4.3, EPSS 0.0004
Exploits 0, References 1, Affected Software 1

Prion
added 2020/07/01 3:15 p.m., 20 views

Code injection

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page, the system does not sanitize all user-provided data before display...

CVSS 6, AI score 5.6, EPSS 0.00255
Exploits 0, References 2, Affected Software 11

Cvelist
added 2020/07/01 2:40 p.m., 19 views

CVE-2020-5905

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page, the system does not sanitize all user-provided data before display...

AI score 5.1, EPSS 0.00255
Exploits 0, References 2

CNVD
added 2019/12/31 12:0 a.m., 2 views

GitLab CE/EE Access Control Error Vulnerability (CNVD-2020-03877)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...

CVSS 4.3, AI score 6.7, EPSS 0.00103
Exploits 0, References 1

UbuntuCve
added 2019/12/30 10:15 p.m., 25 views

CVE-2018-20499

An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF...

CVSS 7.2, AI score 7.1, EPSS 0.001
Exploits 0, References 2

UbuntuCve
added 2019/12/30 10:15 p.m., 24 views

CVE-2018-20497

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF...

CVSS 5, AI score 6.8, EPSS 0.00094
Exploits 0, References 2

OSV
added 2019/12/26 5:15 p.m., 18 views

CVE-2018-20492

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6)...

CVSS 5.3, AI score 6.5
Exploits 0, References 2

Positive Technologies
added 2019/07/03 12:0 a.m., 3 views

PT-2019-18217 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions 11.5.1 through 11.5.8; BIG-IP versions 11.6.1 through 11.6.3.4; BIG-IP versions 12.1.0 through 12.1.4; BIG-IP versions 13.0.0 through 13.1.1.4; BIG-IP versions 14.0.0 through 14.0.0.4; BIG-IP versions 14.1.0 through 14.1.0.5...

CVSS 4.4, AI score 4.7, EPSS 0.00124
Exploits 0, References 7

OSV
added 2019/03/28 9:29 p.m., 0 views

CVE-2019-6605

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service...

CVSS 7.5, AI score 5.8
Exploits 0, References 2

OSV
added 2019/03/11 9:29 p.m., 2 views

CVE-2019-1702

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...

CVSS 6.1, AI score 6.5
Exploits 0, References 2

Prion
added 2018/06/01 2:29 p.m., 13 views

Cross site scripting

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS...

CVSS 4.3, AI score 6.3, EPSS 0.00345
Exploits 0, References 2, Affected Software 13

OSV
added 2018/06/01 2:29 p.m., 2 views

CVE-2018-5522

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash...

CVSS 5.9, AI score 5.8, EPSS 0.00675
Exploits 0, References 2