11 matches found
DoS (Denial of Service) com.squareup.okio:okio Dependency in Jira Software Data Center
This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.12.1, 10.3.0 (not all patched versions - see the fix and affects versions field) and 11.3.0 of Jira Software Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
WordPress plugin and WordPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2021-37194
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS allows to upload and store...
Axigen Cross-Site Scripting Vulnerability
Axigen is a mail server with groupware and collaboration features from Axigen, Inc. A cross-site scripting vulnerability exists in Axigen that stems from mishandling the viewing of SSL certificate usage. The following versions are affected: Versions 10.3.x through 10.3.3.61, 10.4.x through 10.4.2...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...
PT-2021-4769 · Adobe · Lightroom Classic
Name of the Vulnerable Software and Affected Versions: Adobe Lightroom Classic versions 10.3 and earlier Description: The issue is related to a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate...
CVE-2020-4685
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos...
PT-2020-13405 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.3 through 13.0.1 Description: The issue allows other group maintainers to view Kubernetes cluster tokens, potentially leading to unauthorized access. Recommendations: For GitLab CE/EE versions 10.3 through 13.0.1,...
CVE-2019-19719
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page...
CVE-2019-4177
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882...
Citrix XenMobile Server Cross-Site Scripting Vulnerability
Citrix XenMobile is a Mobile Device and Application Management Solution. A cross-site scripting vulnerability exists in the Web User Interface of Citrix XenMobile Server versions 10.0, 10.1 prior to Rolling Patch 4, and 10.3 prior to Rolling Patch 1, which can be exploited by remote attackers to...