9790 matches found
CVE-2017-17541
A cross-site scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, and FortiAnalyzer 6.0.0, 5.6.4 and below versions, allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature...
CVE-2017-15137
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...
CVE-2017-15137
CVE-2017-15137 affects OpenShift: the image import whitelist failed to enforce restrictions when executing commands like oc tag, potentially allowing restricted registries to be used. Root cause: whitelist enforcement flaw. Impact: open to running non-permitted images. Remediation: Red Hat adviso...
PT-2018-5780 · Red Hat · Openshift
Name of the Vulnerable Software and Affected Versions: OpenShift (affected versions not specified). Description: The issue concerns the OpenShift image import whitelist, which failed to properly enforce restrictions when executing commands like "oc tag". This could enable a user with OpenShift acces...
Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability (CNVD-2018-13761)
Fortinet FortiManager and FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. A cross-site scripting vulnerability exists in Fortinet FortiManager version...
CVE-2018-10891
A flaw was found in Moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank...
UBUNTU-CVE-2018-10891
A flaw was found in Moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank...
GitLab: Vulnerability in project import leads to arbitrary command execution
Summary: A filename regular expression could be bypassed, enabling the attacker to create a symbolic link in the GitLab upload directory by importing a specially crafted GitLab export. Furthermore, GitLab is currently designed not to delete the project upload directory. So, the attacker could delete th...
CVE-2018-12976
In Go Doc Dot Org gddo through 2018-06-27, an attacker could use specially crafted tags in packages being fetched by gddo to cause a directory traversal and remote code execution...
ZOHO ManageEngine EventLog Analyzer Cross-Site Scripting Vulnerability (CNVD-2018-12558)
ZOHO ManageEngine EventLog Analyzer is a system and event log analysis software suite from ZOHO (ZhuoHao), a United States company. For logs generated by hosts, servers, network equipment, a variety of application service systems and other sources across the network, the software is capable of comprehensive collecti...
Authorization
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized...
CVE-2017-0919
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized...
UBUNTU-CVE-2017-0919
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized...
CVE-2017-0919
Removed by vendor...