2483 matches found
CVE-2019-5467
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
CVE-2019-5467
GitLab CE/EE Wiki pages were affected by a stored XSS due to an input validation and output encoding flaw in how Wiki Markdown links were processed. The issue could allow a persistent XSS when a wiki page is created with crafted input (as demonstrated by stored-XSS scenarios in the HackerOne repo...
PT-2019-17692 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 11.11.6; GitLab CE/EE versions prior to 12.0.4; GitLab CE/EE versions prior to 12.1.2. Description: An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature, which could...
PT-2019-17691 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 11.11.6; GitLab CE/EE versions prior to 12.0.4; GitLab CE/EE versions prior to 12.1.2. Description: An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint, which could result in disclosu...
The vulnerability of the CE Remote Display software arises from insufficient validation of input data, allowing attackers to exploit this flaw to gain increased privileges.
The vulnerability of the CE Remote Display software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-2021)
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc1143409). - CVE-2019-13509: Fixed an information leak in the debu...
Johnson Controls MS-NCE2516-0 Metasys NCE Controller
Binary data 764893.prm...
Johnson Controls MS-NCE2520-0 Metasys NCE Controller
Binary data 764892.prm...
Johnson Controls MS-NCE2510-0 Metasys NCE Controller
Binary data 764894.prm...
Johnson Controls MS-NCE2526-0 Metasys NCE Controller
Binary data 764891.prm...
Johnson Controls MS-NCE2566-0 Metasys NCE Controller
Binary data 764889.prm...
Johnson Controls MS-NCE2560-0 Metasys NCE Controller
Binary data 764890.prm...
Arbitrary Code Injection
github.com/docker/docker-ce is vulnerable to arbitrary code injection. The vulnerability exists because the nsswitch facility can dynamically load a library inside a chroot...
CVE-2019-13509
In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...
CVE-2019-13509
In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...
CVE-2019-13509
CVE-2019-13509 is confirmed in multiple sources: Docker Engine in Docker CE/EE before 18.09.8 (and Docker EE before 17.06.2-ee-23; 18.x before 18.03.1-ee-10) can in debug mode log secrets when docker stack deploy redeploys a stack with non-external secrets. The issue exposes secrets to debug logs...
CVE-2019-13509
In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...
MAPLE Computer WBT SNMP Administrator 2.0.195.15 Buffer Overflow
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt + ISR: Apparition Security Vendor www.computerlab.com Product MAPLE Computer WBT SNMP...
CVE-2018-19583
CVE-2018-19583 affects GitLab CE/EE (versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1). The issue logs user access tokens in the Workhorse logs, allowing administrators with log access to see another user’s token. The available connected documents indicate patche...
CVE-2018-19575
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...