News aggregator

CVE-2018-7513

National Vulnerability Database - Wed, 03/21/2018 - 16:29
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.
Categories: Security News

CVE-2018-7515

National Vulnerability Database - Wed, 03/21/2018 - 16:29
In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX-Supervisor indirectly calls an uninitialized pointer when parsing malformed packets.
Categories: Security News

CVE-2018-7517

National Vulnerability Database - Wed, 03/21/2018 - 16:29
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out-of-bounds vulnerability.
Categories: Security News

CVE-2018-7519

National Vulnerability Database - Wed, 03/21/2018 - 16:29
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.
Categories: Security News

CVE-2018-7521

National Vulnerability Database - Wed, 03/21/2018 - 16:29
In Omron CX-Supervisor Versions 3.30 and prior, use-after-free vulnerabilities can be exploited when CX-Supervisor parses a specially crafted project file.
Categories: Security News

CVE-2018-7523

National Vulnerability Database - Wed, 03/21/2018 - 16:29
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.
Categories: Security News

CVE-2018-7525

National Vulnerability Database - Wed, 03/21/2018 - 16:29
In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.
Categories: Security News

CVE-2017-0914

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community and Enterprise Editions versions 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.
Categories: Security News

CVE-2017-0915

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
Categories: Security News

CVE-2017-0916

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through the web hook component resulting in remote code execution.
Categories: Security News

CVE-2017-0917

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the CI job component resulting in persistent cross-site scripting.
Categories: Security News

CVE-2017-0918

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
Categories: Security News

CVE-2017-0922

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
Categories: Security News

CVE-2017-0923

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community Edition version 9.1 is vulnerable to a lack of input validation in the IPython notebooks component resulting in persistent cross-site scripting.
Categories: Security News

CVE-2017-0924

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the labels component resulting in persistent cross-site scripting.
Categories: Security News

CVE-2017-0925

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of the plaintext password.
Categories: Security News

CVE-2017-0926

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community Edition version 10.3 is vulnerable to an improper authorization issue in the OAuth sign-in component resulting in unauthorized user login.
Categories: Security News

CVE-2017-0927

National Vulnerability Database - Wed, 03/21/2018 - 16:29
GitLab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
Categories: Security News

CVE-2018-1229

National Vulnerability Database - Wed, 03/21/2018 - 16:29
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.
Categories: Security News

CVE-2018-1230

National Vulnerability Database - Wed, 03/21/2018 - 16:29
Pivotal Spring Batch Admin, all versions, does not contain cross-site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.
Categories: Security News
