34 matches found
PT-2025-12714 · Unknown +1 · Ingress-Nginx +1
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.11.5 ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 Description: A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject...
CVE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
Gila CMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Exploit for perl platform in category web applications ===== Tempest Security Intelligence - ADV-07/2020 ========================== GilaCMS - Version 1.11.5 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of...
PT-2020-13393 · Gitea +1 · Gitea +1
Name of the Vulnerable Software and Affected Versions: Gitea versions through 1.11.5 Description: An issue was discovered in Gitea where an attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. Recommendations: For Gitea versions...
Google Go CRLF Injection Vulnerability
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A CRLF injection vulnerability exists in net/http in Google Go version 1.11.5, which can be exploited by remote attackers to manipulate HTTP headers and attack an internal host...
Security fix for the ALT Linux 10 package golang version 1.11.5-alt1
Jan. 24, 2019 Alexey Shabalin 1.11.5-alt1 - 1.11.5 - fixed CPU DoS vulnerability affecting P-521 and P-384 Fixes: CVE-2019-6486 - add ppc64le to goarches...
CVE-2018-2491
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...
Information disclosure
The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...
CVE-2018-2490
The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...
CVE-2018-2488
It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...
CVE-2018-2485
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...
Design/Logic Flaw
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...
CVE-2018-2489
Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...
SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)
java-openjdk was upgraded to version 1.11.5 to fix various security and non-security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc. if...