Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass
Advisory ID: SYSS-2019-041; Product: In-App & Desktop Notification for Jira; Manufacturer: Infosysta; Affected Versions: 1.6.13J8; Tested Versions: 1.6.13J8; Vulnerability Type: Authentication/Authorization Bypass; Risk Level: High; Solution Status: Closed...
Insecure Default
Overview: github.com/goharbor/harbor/src/core/api is a cloud native registry project that stores, signs, and scans content. Affected versions of this package are vulnerable to Insecure Default. Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to...
The vulnerability affects the implementation of the `Array.prototype.push` method in the JIT compilers of the Firefox and Firefox ESR web browsers, allowing an attacker to execute arbitrary code.
The vulnerability of the `Array.prototype.push` method in the JIT compilers of the Firefox and Firefox ESR browsers is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Fedora 29 : dino (2019-0eb6d51f81)
Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235: Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930 CVE-2019-16236...
CVE-2019-15723
An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations...
CVE-2019-15723
Removed by vendor...
CVE-2019-15723
GitLab CVE-2019-15723 affects GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. The issue allows merge requests created by email to bypass push rules in certain situations, enabling potential unauthorized changes. Remediation is to upgrade to 11.10.1 or later (as the fixe...
PrivExchange - Exchange Your Privileges For Domain Admin Privs By Abusing Exchange
POC tools accompanying the blog "Abusing Exchange: One API call away from Domain Admin". Requirements: These tools require impacket. You can install it from pip with `pip install impacket`, but it is recommended to use the latest version from GitHub. privexchange.py: This tool simply logs in on Exchang...
DEBIAN-CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...
CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...
Unspecified Vulnerability in GitLab (CNVD-2019-30488)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
WordPress onesignal-free-web-push-notifications plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. onesignal-free-web-push-notifications is a plugin used to push notifications to site visitors. A cross-site scripting vulnerability...
CVE-2019-15827
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter...
CVE-2019-15827
The CVE-2019-15827 entry affects the WordPress plugin onesignal-free-web-push-notifications, specifically versions before 1.17.8. The vulnerability is an XSS via the subdomain parameter (POST or input handling) that can lead to client-side script execution within the context of an affected site. ...
FreeBSD : Gitlab -- Multiple Vulnerabilities (b68cc195-cae7-11e9-86e9-001b217b3468)
Gitlab reports: Kubernetes Integration Server-Side Request Forgery; Server-Side Request Forgery in Jira Integration; Improved Protection Against Credential Stuffing Attacks; Markdown Clientside Resource Exhaustion; Pipeline Status Disclosure; Group Runner Authorization Issue; CI Metrics Disclosure; Use...
The vulnerability relates to the implementation of the HTTP/2 network protocol in Windows operating systems, nginx servers, network programming tools such as Netty, Envoy and SwiftNIO, and the Node.js software platform. It allows attackers to induce service failures.
The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, nginx servers, network programming tools such as Netty, Envoy and SwiftNIO, and the Node.js software platform is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a maliciou...