1st_test_yamineo (=0.1.0), @akaterra.co/apidog (>=0.0.4 <=0.0.5) +884 more potentially affected by unknown CVE via markdown (>=0.1.2 <=0.5.0)
markdown NPM version =0.1.2, =0.0.4, =0.0.102, =0.1.0, =0.4.0, =0.0.5, =2.1.1, =2.0.0, =0.0.2, =2.1.1, =2.1.1, =2.1.1, =2.1.1, =2.9.14 and more Source cves: unknown CVE Source advisory: SNYK:JS-MARKDOWN-560793...
GitLab Cross-Site Scripting Vulnerability (CNVD-2020-27233)
GitLab is a self-hosted Git repository management application, built on Ruby on Rails, from the US company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in the Admin...
UBUNTU-CVE-2020-11020
The Faye NPM and RubyGem packages, in versions after 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, have a potential authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions by appending extra segments to the message channel. It...
PT-2020-13089 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 9.5.9 through 12.9 Description: The issue concerns a stored XSS vulnerability in an admin notification feature. This allows for malicious code to be stored and executed when the notification is viewed by an administrator...
PT-2020-13090 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.8 through 12.9 Description: The issue allows someone to mirror a repository even if the feature is not activated. Recommendations: For GitLab versions 10.8 through 12.9, update to a version that contains a fix for this issu...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2020-26661)
Cybozu Garoon is a portal-style office automation (OA) system from the Japanese company Cybozu. The system provides portal, e-mail, bookmark, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.10.3. A remote attacker can...
Cybozu Garoon Authorization Issue Vulnerability
Cybozu Garoon is a portal-style office automation (OA) system from the Japanese company Cybozu. The system provides portal, e-mail, bookmark, scheduling, bulletin board, document management, and other functions. An authorization issue vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.10.3. A remote attacker can...
Cybozu Garoon Code Issue Vulnerability
Cybozu Garoon is a portal-style office automation (OA) system from the Japanese company Cybozu. The system provides portal, e-mail, bookmark, scheduling, bulletin board, document management, and other functions. A code issue vulnerability exists in the V-CUBE Meeting feature of Cybozu Garoon versions 4.0.0 through 4.10.3. A...
Unspecified Vulnerability in GitLab (CNVD-2020-25737)
GitLab is a self-hosted Git repository management application, built on Ruby on Rails, from the US company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
aequitas (>=0.26.0 <=0.42.0), ax (>=0.39.0 <=0.52.0) +27 more potentially affected by CVE-2020-11888 via markdown2 (>=2.3.0 <=2.3.8)
markdown2 PYPI version =2.3.0, =0.26.0, =0.39.0, =0.1.0, =0.5.29, =3.8.3, =0.0.1, =0.4.1, =0.0.1, =0.7.0a1, =0.2.2, =0.4.0rc1590080566 and more Source cves: CVE-2020-11888 Source advisory: OSV:GHSA-FV3H-8X5J-PVGQ...
AitSar (=0.1.1), SadieFish (=0.1.1) +621 more potentially affected by unknown CVE via stb_truetype (>=0.1.2 <=0.3.1)
stb_truetype CARGO version =0.1.2, =0.1.0, =0.1.0, =0.0.1, =0.1.1, =0.1.1, =0.1.0, =0.4.0, =0.3.0, =0.1.0, =0.3.0 - airkit =0.1.0 - airsim =0.2.0 - alacritty =0.5.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0020...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible because a particular Java object is not blocked from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
CVE-2020-2826
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite component: Print Server. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One...
org.sonatype.nexus.assemblies:nexus-base-feature (>=3.10.0-04 <=3.21.1-01), org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.21.1-01) +33 more potentially affected by CVE-2020-10199 via org.sonatype.nexus:nexus-extdirect (>=3.10.0-04 <=3.21.1-01)
org.sonatype.nexus:nexus-extdirect MAVEN version =3.10.0-04, =3.10.0-04, =3.10.0-04, =3.21.0-01, =3.12.0-01, =3.10.0-04, =3.12.0-01, =3.10.0-04, =3.17.0-01, =0.0.1, =0.0.2, =0.0.3, =0.0.4, =0.0.13, =1.0.3 and more Source cves: CVE-2020-10199 Source advisory:...
dpd-paypal-ap (>=0.0.1 <=0.0.9), paypal-pay (=0.1.1) potentially affected by CVE-2020-7643 via paypal-adaptive (>=0.1.1 <=0.4.2)
paypal-adaptive NPM version =0.1.1, =0.0.1, =0.0.9 - paypal-pay =0.1.1 Source cves: CVE-2020-7643 Source advisory: SNYK:JS-PAYPALADAPTIVE-565089...
auth0.js Information Disclosure Vulnerability
auth0.js is a client-side JavaScript toolkit for the Auth0 API. A security vulnerability exists in the auth0-js NPM package, versions 8.0.0 through 9.13.1. An attacker can exploit the vulnerability to obtain a password...
CVE-2020-4291
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334...
CVE-2020-4164
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from application errors which could be used in further attacks against the system. IBM X-Force ID: 174400...
PT-2020-12466 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 9.0 through 12.9 Description: The issue allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. Recommendations: For GitLab EE/CE versions 9.0 through 12.9, consider...
CVE-2016-11026
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016)...