|
247071
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14604
|
2024-11-21 12:49 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247072
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
|
CWE-352
Origin Validation Error
|
CVE-2018-14603
|
2024-11-21 12:49 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247073
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics featu…
|
CWE-200
Information Exposure
|
CVE-2018-14602
|
2024-11-21 12:49 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247074
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.
|
NVD-CWE-noinfo
|
CVE-2018-14601
|
2024-11-21 12:49 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247075
|
7.5 |
HIGH
Network
|
thomsonreuters
|
ultratax_cs
|
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly acc…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2018-14608
|
2024-11-21 12:49 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247076
|
7.5 |
HIGH
Network
|
thomsonreuters
|
ultratax_cs_2017
|
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensit…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2018-14607
|
2024-11-21 12:49 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247077
|
6.1 |
MEDIUM
Network
|
opmantek
|
open-audit
|
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14493
|
2024-11-21 12:49 |
2018-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247078
|
6.1 |
MEDIUM
Network
|
mondula
|
multi_step_form
|
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable w…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14430
|
2024-11-21 12:49 |
2018-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247079
|
7.5 |
HIGH
Network
|
wancms
|
wancms
|
wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-14596
|
2024-11-21 12:49 |
2018-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247080
|
7.5 |
HIGH
Network
|
axiosys
|
bento4
|
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14590
|
2024-11-21 12:49 |
2018-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
