CVE-2023-4486

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

PT-2019-17691 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 11.11.6 GitLab CE/EE versions prior to 12.0.4 GitLab CE/EE versions prior to 12.1.2 Description: An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint, which could result in disclosu...

PT-2019-17694 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 11.11.6 GitLab versions prior to 12.0.4 GitLab versions prior to 12.1.2 Description: An issue with input validation and output encoding was found in the email notification feature, potentially leading to a persistent...

PT-2019-17695 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.0.4 GitLab versions prior to 12.1.2 Description: An authentication issue was discovered that allowed a bypass of email verification. Recommendations: For versions prior to 12.0.4, update to version 12.0.4 or later...