24 matches found
CVE-2019-7176
An issue was discovered in GitLab Community and Enterprise Edition 8.x starting in 8.9, 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility...
EUVD-2020-17974
Malware in sbrugna...
EUVD-2022-2790
Malicious code in bioql PyPI...
EUVD-2022-42454
Malicious code in bioql PyPI...
BIT-WORDPRESS-MULTISITE-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...
CVE-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...
Drupal 8.x < 8.1.10 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - A flaw exists that is due to the program allowing users who have rights to edit a node to set the visibility for comments on that node. This may allow an authenticated remote...
Drupal 8.2.x < 8.2.0-rc2 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - A flaw exists that is due to the program allowing users who have rights to edit a node to set the visibility for comments on that node. This may allow an authenticated remote...
Restricted Work Log entries show in the Activity Stream in JIRA Server
This is a regression of bug JRASERVER-34022: Restricted Work Log entries show in the Activity Stream in JIRA Server fixed in JIRA Server including JIRA Core 7.3.8 (https://jira.atlassian.com/browse/JRASERVER-34022). Apparently this is a regression and users that are not meant to see the worklogs ca...
Drupal 8.1.x < 8.1.10 Multiple Vulnerabilities
Binary data 9729.prm...
CVE-2016-7570
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes...
Users without "Administer comments" can set comment visibility on nodes they can edit
More info at https://www.drupal.org/SA-CORE-2016-004...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
Users without "Administer comments" can set comment visibility on nodes they can edit (Less critical): Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. Cross-site Scripting in http...
JSON export doesn't differentiate public from internal comments
Summary: Currently, when exporting a SD request to JSON format, it's not possible to tell which comment is internal or public from the JSON file. Steps to reproduce: Go to Manage add-ons - All add-ons - jira-importers-plugin - Enable JSON export. Create an SD request and add one internal...