1227 matches found

Tenable Nessus
added 2020/09/04 12:0 a.m. · 45 views

FreeBSD : Gitlab -- multiple vulnerabilities (1fb13175-ed52-11ea-8b93-001b217b3468)

Gitlab reports: Vendor Cross-Account Assume-Role Attack; Stored XSS on the Vulnerability Page; Outdated Job Token Can Be Reused to Access Unauthorized Resources; File Disclosure Via Workhorse File Upload Bypass; Unauthorized Maintainer Can Edit Group Badge; Denial of Service Within Wiki Functionality...

10 CVSS · 6.8 AI score · 0.02456 EPSS
Exploits 7 · References 27
OSV
added 2020/09/01 3:29 p.m. · 9 views

GHSA-V2JQ-9475-R5G8 Cross-Site Scripting in bootstrap-tagsinput

All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation: This package is not actively maintained, and has not seen...

6 AI score
Exploits 0 · References 4
Hacker One
added 2020/08/27 10:56 a.m. · 24 views

Mail.ru: [http://kiwi.youdrive.today/] Information disclosure via Kiwi TCMS vulnerability

Outdated kiwi.youdrive.today Kiwi TCMS instance was vulnerable to information disclosure via JSON-RPC endpoints. Outdated Kiwi TCMS instance was vulnerable to information disclosure via JSON-RPC endpoints. Exploit example dump users info except superuser: curl -i -s -k -X $'POST' -H $'Content-Typ...

0.8 AI score
Exploits 0
Tenable Nessus
added 2020/08/04 12:0 a.m. · 32 views

Mozilla Thunderbird < 78.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-33 advisory. - Mozilla developers and community members Natalia Csoregi, Simon Giesecke, Jason Kratzer, Christian Holler...

9.3 CVSS · 8.3 AI score · 0.10562 EPSS
Exploits 6 · References 11
OSV
added 2020/07/17 11:15 p.m. · 1 views

CVE-2020-9254

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123C432E19R2P5patch02, versions earlier than 10.1.0.126C10E11R5P1, and versions earlier than 10.1.0.160C00E160R2P8 have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, th...

7.8 CVSS · 7.2 AI score · 0.00172 EPSS
Exploits 0 · References 1
RedHat Linux
added 2020/07/14 11:37 a.m. · 0 views

Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...

6.5 CVSS · 7.3 AI score · 0.0047 EPSS
Exploits 0 · References 5
0day.today
added 2020/07/10 12:0 a.m. · 489 views

Rittal Products Bypass / Command Injection / Privilege Escalation Vulnerabilities

Multiple Rittal Products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are not limited to CMC III PU Compact, CMC III PU 7030.000 PD...

10 CVSS · 7.9 AI score · 0.00846 EPSS
Exploits 7
Packet Storm
added 2020/07/10 12:0 a.m. · 239 views

Rittal Products Bypass / Command Injection / Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory. title: Multiple Critical Vulnerabilities; product: Multiple Rittal Products based on same software, e.g. CMC III PU Compact, CMC III PU 7030.000 PDU whole portfolio, LCP-CW, IoT...

0.9 AI score · 0.00846 EPSS
Exploits 7
OSV
added 2020/07/08 5:7 p.m. · 0 views

USN-4421-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2020-12405,...

9.3 CVSS · 6.8 AI score · 0.00878 EPSS
Exploits 3 · References 11
CNVD
added 2020/07/03 12:0 a.m. · 1 views

Multiple Mozilla Products Trust Management Issues Vulnerabilities

Mozilla Firefox and others are products of the Mozilla Foundation in the U.S.A. Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application...

6.5 CVSS · 8.9 AI score · 0.0047 EPSS
Exploits 0 · References 1
OSV
added 2020/07/02 1:39 p.m. · 1 views

USN-4408-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. CVE-2020-12415,...

9.3 CVSS · 7.1 AI score · 0.00878 EPSS
Exploits 4 · References 12
Ubuntu
added 2020/07/02 1:39 p.m. · 82 views

USN-4408-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. CVE-2020-12415,...

9.3 CVSS · 8 AI score · 0.00878 EPSS
Exploits 4
OSV
added 2020/07/01 12:0 a.m. · 0 views

UBUNTU-CVE-2020-12421

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...

6.5 CVSS · 7 AI score · 0.0047 EPSS
Exploits 0 · References 6
Prion
added 2020/06/30 2:15 p.m. · 14 views

Design/Logic Flaw

A vulnerability in the firmware of COMMAX WallPadCDP-1020MB allows an unauthenticated adjacent attacker to execute arbitrary code because it uses an old version of MySQL...

5.8 CVSS · 8.8 AI score · 0.00137 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/05/29 12:0 a.m. · 2 views

PT-2020-13196 · WordPress · Mappress-Google-Maps-For-Wordpress

Name of the Vulnerable Software and Affected Versions: mappress-google-maps-for-wordpress plugin versions prior to 2.54.6. Description: The issue is related to incomplete capability checks for AJAX functions, specifically those involved in the creation, retrieval, and deletion of PHP template file...

8.8 CVSS · 8.8 AI score · 0.06927 EPSS
Exploits 0 · References 7
Fedora
added 2020/05/19 3:7 a.m. · 15 views

[SECURITY] Fedora 30 Update: perl-Mojolicious-8.42-1.fc30

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

1.1 AI score
Exploits 0
Fedora
added 2020/05/19 2:53 a.m. · 13 views

[SECURITY] Fedora 32 Update: perl-Mojolicious-8.42-1.fc32

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

1.1 AI score
Exploits 0
OSV
added 2020/05/13 1:15 p.m. · 2 views

CVE-2020-4312

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 2
OSV
added 2020/05/12 1:15 p.m. · 0 views

CVE-2020-8155

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...

5.4 CVSS · 6.7 AI score
Exploits 0 · References 6
Prion
added 2020/05/12 1:15 p.m. · 17 views

Cross site scripting

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...

3.5 CVSS · 5.3 AI score · 0.00569 EPSS
Exploits 0 · References 6 · Affected Software 1