Lucene search
K

109 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 4:32 a.m.21 views

Plone Arbitrary File Read

atdownload.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs Files and Images stored on custom content types via a crafted URL...

5CVSS6.6AI score0.014EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/21 7:15 p.m.9 views

CVE-2022-0687

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...

8.8CVSS7.6AI score0.01439EPSS
Exploits2References2
CNVD
CNVD
added 2020/06/11 12:0 a.m.10 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-31225)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in the blobs...

6.1CVSS6.2AI score0.01531EPSS
Exploits0References1
NVD
NVD
added 2020/06/10 3:15 p.m.30 views

CVE-2020-13271

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...

6.1CVSS0.01531EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/06/10 3:15 p.m.21 views

CVE-2020-13271

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...

6.1CVSS6.6AI score0.01531EPSS
Exploits0References2
Prion
Prion
added 2020/06/10 3:15 p.m.18 views

Cross site scripting

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...

4.3CVSS5.9AI score0.01531EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/06/10 3:15 p.m.3 views

UBUNTU-CVE-2020-13271

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...

6.1CVSS6.1AI score0.01531EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/06/10 2:25 p.m.23 views

CVE-2020-13271

Removed by vendor...

6.1CVSS6.3AI score0.01531EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/06/10 12:0 a.m.4 views

PT-2020-13412 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 13.0.1 Description: A Stored Cross-Site Scripting issue allows the execution of arbitrary Javascript code in the blobs API. Recommendations: For versions prior to 13.0.1, update to version 13.0.1 or later to...

6.1CVSS6AI score0.01531EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2019-1668)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.08609EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2019-1720)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.08609EPSS
Exploits0References2
CNVD
CNVD
added 2019/12/19 12:0 a.m.1 views

GitLab Command Injection Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A command...

7.5CVSS7.7AI score0.02409EPSS
Exploits1References1
OSV
OSV
added 2019/12/18 9:15 p.m.20 views

CVE-2019-15575

A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...

7.5CVSS7.2AI score
Exploits0References1
Prion
Prion
added 2019/12/18 9:15 p.m.18 views

Command injection

A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...

5CVSS7.7AI score0.02409EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2019/12/18 9:15 p.m.20 views

CVE-2019-15575

A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...

7.5CVSS7.1AI score0.02409EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2019/12/18 9:0 p.m.28 views

CVE-2019-15575

Removed by vendor...

7.5CVSS7.1AI score0.02409EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/07/22 12:0 a.m.29 views

EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2019-1720)

According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a...

9.8CVSS7.3AI score0.08609EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/06/27 12:0 a.m.32 views

EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2019-1668)

According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a...

9.8CVSS7.3AI score0.08609EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/04/04 12:0 a.m.36 views

EulerOS Virtualization 2.5.3 : sqlite (EulerOS-SA-2019-1275)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - osunix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to...

9.8CVSS7.2AI score0.08609EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2019/03/21 12:0 a.m.49 views

NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash

nss: CERTDecodeCertPackage crash with Netscape Certificate Sequences I noticed that the main entrypoint for decoding DER blobs in NSS, CERTDecodeCertPackage, actually handles multiple formats including PEM, PKCS7, and old Netscape Certificate Sequences. You can generate a Netscape Certificate...

7.4AI score
Exploits0
Rows per page
Query Builder