Abdilahrf

#8810de 53,635
31.1CVSS total
Vulnerabilidades · 4
Média
1
Alta
2
Crítica
1
PT-2019-14344
7.5
2019-09-16
Gitlab · Gitlab Ce/Ee · CVE-2019-15722
**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions 8.15 through 12.2.1 **Description** An issue was discovered that allows particular mathematical expressions in GitLab Markdown to exhaust client resources. **Recommendations** For versions 8.15 through 12.2.1, update to a version that contains a fix for this issue to prevent client resource exhaustion.
PT-2018-13597
6.1
2018-11-06
Unknown · Tianma-Static · CVE-2018-16474
**Name of the Vulnerable Software and Affected Versions** tianma-static versions <=1.0.4 **Description** The issue is related to a stored cross-site scripting (XSS) flaw. This allows an attacker to execute arbitrary JavaScript. The vulnerability can be exploited if a user can control the name of a file served by the module. **Recommendations** For versions <=1.0.4, consider using another static file server as a temporary workaround until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-13598
7.5
2018-11-06
Knightjs · Knightjs · CVE-2018-16475
**Name of the Vulnerable Software and Affected Versions** knightjs versions <= 0.0.1 knightjs (all versions) **Description** The issue allows an attacker to read the content of arbitrary files on a remote server due to a lack of input validation. This is a result of a Path Traversal vulnerability. **Recommendations** For knightjs versions <= 0.0.1, consider not using this module in production environments until a fix is available. For all versions of knightjs, consider not using this module in production environments until a fix is available.
PT-2018-13587
10
2018-10-30
Oracle · Apex-Publish-Static-Files · CVE-2018-16462
**Name of the Vulnerable Software and Affected Versions** apex-publish-static-files versions prior to 2.0.1 **Description** A command injection issue allows arbitrary shell command execution through a maliciously crafted argument. This is exploitable if user input is passed into the `connectString` option in the `publish` method. **Recommendations** Update to version 2.0.1 or later. As a temporary workaround, consider restricting user input passed into the `connectString` option in the `publish` method to minimize the risk of exploitation.