IBM Spectrum Protect Plus Command Injection Vulnerability
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A command injection vulnerability exists in...
IBM Spectrum Protect Plus Command Injection Vulnerability (CNVD-2020-14213)
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A command injection vulnerability exists in...
PT-2020-1812 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.16 through 5.5.6 Description: An issue in the Linux kernel leads to an out-of-bounds read because the FDC index is not checked for errors before assigning it. This issue is related to the set fdc function in...
PT-2020-19876 · Dovecot +1 · Dovecot +1
Name of the Vulnerable Software and Affected Versions: Dovecot versions 2.3.9 through 2.3.9.2 Description: The issue arises from the mishandling of snippet generation by the IMAP and LMTP components when a large number of characters must be read to compute the snippet and a trailing character...
CVE-2019-13924
A vulnerability has been identified in SCALANCE S602 All versions V4.1, SCALANCE S612 All versions V4.1, SCALANCE S623 All versions V4.1, SCALANCE S627-2M All versions V4.1, SCALANCE X-200 switch family incl. SIPLUS NET variants All versions 5.2.4, SCALANCE X-200IRT switch family incl. SIPLUS NET...
GitLab EE Incorrect Access Control Vulnerability (CNVD-2020-13700)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is GitLab Enterprise Edition. An incorrect access control vulnerability exists in GitLab E...
PT-2020-19889 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 10.1 through 12.7.2 Description: The issue allows information disclosure. Recommendations: For versions 10.1 through 12.7.2, update to a version that contains a fix for this issue...
PT-2020-19883 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 8.0 through 12.7.2 Description: The issue concerns insecure permissions in GitLab EE. Recommendations: For GitLab EE versions 8.0 through 12.7.2, update to a version that contains a fix for this issue...
PT-2020-19893 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.6 through 12.7.2 Description: The issue allows for Denial of Service. There is a vulnerability in GitLab EE. Recommendations: For GitLab EE versions 12.6 through 12.7.2, update to a version that contains a fix for this...
@apim/auth0-lock-redux (>=1.0.0 <=1.0.2), @brudi-toolbox/id (>=1.4.5-next.1 <=1.11.4-next.7) +36 more potentially affected by CVE-2019-20174 via auth0-lock (>=10.14.0 <=11.20.4)
auth0-lock NPM version =10.14.0, =1.0.0, =1.4.5-next.1, =2.2.0, =1.0.0, =0.1.0, =0.3.0, =0.0.1, =1.0.0, =0.1.0, =0.5.3, =0.1.13, =1.0.0, =0.0.1, =0.0.5 - auth0-react-sample =1.0.0 and more Source cves: CVE-2019-20174 Source advisory: OSV:GHSA-W2PF-G6R8-PG22...
@angular-materials/ngx-admin (>=1.0.0 <=1.0.1), @aurocraft/builder (>=1.0.0 <=3.3.3) +292 more potentially affected by CVE-2020-17480 via tinymce (>=4.5.1 <=4.9.5)
tinymce NPM version =4.5.1, =1.0.0, =1.0.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.1, =0.0.13, =1.3.0, =1.0.0, =2.0.0-beta.1, =1.1.1, =1.1.3 and more Source cves: CVE-2020-17480 Source advisory: OSV:GHSA-27GM-GHR9-4V95...
3h1-ui (>=2.14.41 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +938 more potentially affected by CVE-2020-17480 via tinymce (>=5.0.11 <=5.1.0)
tinymce NPM version =5.0.11, =2.14.41, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =1.0.0, =8.7.0 and more Source cves: CVE-2020-17480 Source advisory: OSV:GHSA-27GM-GHR9-4V95...
GHSA-5QCG-W2CC-XFFW Uncontrolled resource consumption in validators Python package
The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6...
Adobe Experience Manager Page Injection Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A user...
CVE-2019-16469
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure...
UBUNTU-CVE-2020-5197
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control...
WordPress Cross-Site Scripting Vulnerability (CNVD-2020-02541)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress versions 3.7 through 5.3.0. The vulnerability stems...
UBUNTU-CVE-2019-20201
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxmlparse functions mishandle XML entities, leading to an infinite loop in which memory allocations occur...
Mellow Fish YetiShare Information Disclosure Vulnerability (CNVD-2020-04700)
Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. An information disclosure vulnerability exists in Mellow Fish YetiShare versions 3.5.2 through 4.5.3, which stems from the program failing to set the Secure flag on session cookies, and can be exploited by an...
GitLab EE Access Control Error Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...