Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2020-21501)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in Dolibarr ERP/CRM...
GitLab Cross-Site Scripting Vulnerability (CNVD-2020-19605)
GitLab is a self-hosted Git version control and project repository application developed in Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...
GitLab Information Disclosure Vulnerability (CNVD-2020-19229)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An information disclosure vulnerability exists in GitLab 12.3.5 - 12.8.1. An attacker can exploit...
UBUNTU-CVE-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...
Joomla! access control error vulnerability (CNVD-2020-20997)
Joomla! is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. An access control error vulnerability exists in Joomla! versions 2.5.0 through 3.9.15, which stems from a failure to perform ACL checks for various...
Joomla! SQL Injection Vulnerability (CNVD-2020-21002)
Joomla! is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. A SQL injection vulnerability exists in Joomla! versions 1.7.0 through 3.9.15, which stems from a lack of validation of externally-entered SQL...
PT-2020-11914 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 8.11 through 12.8.1 Description: The issue allows a Denial of Service when using several features to recursively request each other. Recommendations: For GitLab versions 8.11 through 12.8.1, update to a version that contains a...
PT-2020-11899 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.1 through 12.8.1 Description: A scenario was discovered in which a GitLab account could be taken over through an expired link, indicating an issue with access control. Recommendations: For GitLab versions 10.1 through 12.8....
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed invalid input data...
dijit (>=1.15.0 <=1.15.2), dojox (>=1.15.0 <=1.15.2) potentially affected by CVE-2020-5258 via dojo (>=1.15.0 <=1.15.2)
dojo NPM version =1.15.0, =1.15.0, =1.15.0, =1.15.2 Source cves: CVE-2020-5258 Source advisory: OSV:GHSA-JXFH-8WGV-VFR2...
PT-2020-5140
Name of the Vulnerable Software and Affected Versions: urllib3 library versions 1.25.2 through 1.25.7 Description: The issue is related to an inefficient algorithm in the encode_invalid_chars function, which can lead to a denial of service due to CPU consumption. This happens because the percent...
admindjango-ckeditor-blog (=0.1.0), aiida-core (=1.0.0) +53 more potentially affected by CVE-2020-9402 via django (>=1.11.0 <=1.11.28)
django PYPI version =1.11.0, =0.2.0.dev20181221, =0.28.0, =3.1.4, =2.19.0, =0.0.19, =4.4.1, =1.0.0, =0.6.0, =0.7.2 and more Source cves: CVE-2020-9402 Source advisory: OSV:PYSEC-2020-36...
Selesta Visual Access Manager Cross-Site Scripting Vulnerability (CNVD-2020-14669)
Selesta Visual Access Manager (VAM) is a product of Selesta. A cross-site scripting vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can...
Selesta Visual Access Manager Information Disclosure Vulnerability
Selesta Visual Access Manager (VAM) is a product of Selesta. A security vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29, which stems from the /common/vameditXml.php page not checking the parameter used to specify the name of the file to read. An...
ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system...
CVE-2019-4597
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880...
CVE-2019-4596
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2019-19993
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several full path disclosure vulnerabilities were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths...
IBM Sterling B2B Integrator SQL Injection Vulnerability
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A SQL injection vulnerability exists in IBM Sterling B2B...
IBM QRadar Advisor With Watson App Information Disclosure Vulnerability
IBM QRadar Advisor with Watson is a suite of security threat analysis solutions from IBM USA. The product includes features such as security threat response and threat probing. A security vulnerability exists in the IBM QRadar Advisor With Watson App versions 1.1 through 2.5, which stems from the...