72 matches found
GitLab 14.x < 15.6.7, 15.7.x < 15.7.6, 15.8.x < 15.8.1 DoS Vulnerability
GitLab is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
XWiki 2.2 < 13.10.6, 14.0 < 14.3 XSS Vulnerability (GHSA-gjmq-x5x7-wc36)
Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
PostgreSQL 10.x < 10.22, 11.x < 11.17, 12.x < 12.12, 13.x < 13.8, 14.x < 14.5 Extension Vulnerability - Windows
PostgreSQL is prone to a vulnerability where extension scripts replace objects not belonging to the extension. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
Cisco Unified Communications Manager XSS (cisco-sa-cucm-xss-ksKd5yfA)
The version of Cisco Unified Communications Manager installed on the remote host is version 14 prior to 14SU2. It is, therefore affect by a cross-site scripting vulnerability XSS in the web-based management interface. An unauthenticated remote attacker can, with the action of an authorized user,...
PostgreSQL 10.x < 10.21, 11.x < 11.16, 12.x < 12.11, 13.x < 13.7, 14.x < 14.3 Privilege Escalation Vulnerability - Windows
PostgreSQL is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2021-39919
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...
GitLab 访问控制错误漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. An Access Control Error vulnerability exists in GitLab CE/EE that stems from...
Mozilla Firefox Security Advisory (MFSA2012-44) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2012-53) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-22257
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...
Cross site scripting
On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting XSS vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system...
Security fix for the ALT Linux 10 package node version 14.17.5-alt1
14.17.5-alt1 built Aug. 17, 2021 Vitaly Lipatov in task 282492 Aug. 11, 2021 Vitaly Lipatov - new version 14.17.5 with rpmrb script - set c-ares = 1.17.2 - CVE-2021-3672, CVE-2021-22931: Improper handling of untypical characters in domain names - CVE-2021-22930: Use after free on close http2 on...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description In Bank section the Bank | Cash part, you protect List entities to delete with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary List entities only with knowing their ids. 🕵️♂️ Proof of Concept // PoC.html history.pushState'', '', '/' input...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description In Ticket section , you protect tickets from being deleted with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary tickets only with knowing their "trackid" parameter. 🕵️♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This...
Microsoft Office 2010 Remote Code Execution Vulnerability (KB4504738)
This host is missing an important security update according to Microsoft KB4504738 Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Exploit for Server-Side Request Forgery in F5 Big-Ip_Access_Policy_Manager
F5 BIG-IP 远程命令执行漏洞(CVE-2021-22986) 漏洞影响 F5 BIG-IP 16.x: 1...
Digium Asterisk Security Vulnerability
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. A security vulnerability exists in Digium Asterisk. The vulnerability stems from allowing a...
Code injection
In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic ove...
Odoo Security Vulnerability
Odoo is an Enterprise Resource Planning ERP and Customer Relationship Management CRM system from Odoo Belgium. The system is developed in Python language with PostgreSQL as the database and includes modules for sales management, inventory management, financial management and so on. A security...
Microsoft Office 2010 Remote Code Execution Vulnerability (KB3203462)
This host is missing an important security update according to Microsoft KB3203462 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...