Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2015-3908 —
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary val... read CVE-2015-3908
Published: August 12, 2015; 10:59:21 AM -04:00
-
CVE-2018-0387 —
A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does no... read CVE-2018-0387
Published: July 18, 2018; 07:29:01 PM -04:00
-
CVE-2015-6240 —
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Published: June 07, 2017; 04:29:00 PM -04:00
-
CVE-2013-4260 —
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
Published: September 16, 2013; 03:14:39 PM -04:00
-
CVE-2014-3498 —
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
Published: June 08, 2017; 02:29:00 PM -04:00
-
CVE-2018-1503 —
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.
Published: July 23, 2018; 09:29:00 AM -04:00
-
CVE-2018-14527 —
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).
Published: July 23, 2018; 04:29:00 AM -04:00
-
CVE-2018-14551 —
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
Published: July 23, 2018; 04:29:00 AM -04:00
-
CVE-2018-8018 —
Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vul... read CVE-2018-8018
Published: July 19, 2018; 09:29:04 PM -04:00
-
CVE-2017-7468 —
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resu... read CVE-2017-7468
Published: July 16, 2018; 09:29:00 AM -04:00
-
CVE-2018-7602 —
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability... read CVE-2018-7602
Published: July 19, 2018; 01:29:00 PM -04:00
-
CVE-2018-14606 —
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
Published: July 26, 2018; 10:29:00 PM -04:00
-
CVE-2018-1002208 —
sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Published: July 25, 2018; 01:29:02 PM -04:00
-
CVE-2018-1002202 —
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Published: July 25, 2018; 01:29:00 PM -04:00
-
CVE-2018-5536 —
A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.
Published: July 25, 2018; 10:29:00 AM -04:00
-
CVE-2018-1002201 —
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Published: July 25, 2018; 01:29:00 PM -04:00
-
CVE-2018-1002204 —
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip... read CVE-2018-1002204
Published: July 25, 2018; 01:29:01 PM -04:00
-
CVE-2018-1002206 —
SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Published: July 25, 2018; 01:29:01 PM -04:00
-
CVE-2018-14605 —
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
Published: July 26, 2018; 10:29:00 PM -04:00
-
CVE-2018-14604 —
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
Published: July 26, 2018; 10:29:00 PM -04:00