GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. Date published : 2019-07-10 http://www.securityfocus.com/bid/109169 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal...
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with...
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. Date published : 2019-07-10 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ https://gitlab.com/gitlab-org/gitlab-ee/issues/8167
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private...
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack...
Nagios XI before 5.5.4 has XSS in the auto login admin management page. Date published : 2019-07-10 http://www.securityfocus.com/bid/109116 https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. Date published : 2019-07-10 https://gist.github.com/feric/98180bad0a73716e143ff8dc03fda12f
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. Date published : 2019-07-10 https://security.gentoo.org/glsa/201908-02 https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a...
** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and...
** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019,...
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. Date published : 2019-07-10 https://github.com/eventum/eventum/releases/tag/v3.5.2 https://github.com/eventum/eventum/blob/master/CHANGELOG.md
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. Date published : 2019-07-10 https://github.com/eventum/eventum/releases/tag/v3.5.2 https://github.com/eventum/eventum/blob/master/CHANGELOG.md