Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. Date published : 2019-05-29 http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Feb/3
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the...
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. Date published : 2019-05-29 https://fortiguard.com/advisory/FG-IR-18-085
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. Date published : 2019-05-29 https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/ https://gitlab.com/gitlab-org/gitlab-ce/issues/59003
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to...
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes...
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. Date published : 2019-05-29...
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. Date published : 2019-05-29 https://www.exploit-db.com/exploits/46693/ http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. Date published : 2019-05-29 https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ https://about.gitlab.com/blog/categories/releases/
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5). Date published : 2019-05-29 https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ https://about.gitlab.com/blog/categories/releases/
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5). Date published : 2019-05-29 https://about.gitlab.com/blog/categories/releases/
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to...
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. Date published : 2019-05-29 https://helpx.adobe.com/security/products/aem-forms/apsb19-24.html
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. Date published : 2019-05-29 https://bugzilla.zimbra.com/show_bug.cgi?id=109096 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories