| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. |
| An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. |
| In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. |
| TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. |
| The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. |
| connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. |
| The rsvpmaker plugin before 6.2 for WordPress has SQL injection. |
| Insufficiently strict sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to obtain content information from protected tables when using custom queries. |
| The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability: the hash is computed before a package is written to the cache, but it is not recomputed when the package is read back from the cache. This may lead to a cache pollution attack. |
| An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. |
| Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. |
| Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. |
| Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. |
| The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. |
| BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. |
| HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. |
| idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. |
| OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. |
| The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. |