vuln.xml
Help is also available from ports-security@freebsd.org. | Help is also available from ports-security@freebsd.org. | ||||
Notes: | Notes: | ||||
* Please add new entries to the beginning of this file. | * Please add new entries to the beginning of this file. | ||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | ||||
--> | --> | ||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | ||||
<vuln vid="b950a83b-789e-11e8-8545-d8cb8abf62dd"> | |||||
<topic>Gitlab -- multiple vulnerabilities</topic> | |||||
<affects> | |||||
<package> | |||||
<name>gitlab</name> | |||||
<range><ge>11.0.0</ge><lt>11.0.1</lt></range> | |||||
<range><ge>10.8.0</ge><lt>10.8.5</lt></range> | |||||
<range><ge>4.1</ge><lt>10.7.6</lt></range> | |||||
</package> | |||||
</affects> | |||||
<description> | |||||
<body xmlns="http://www.w3.org/1999/xhtml"> | |||||
<p>Gitlab reports:</p> | |||||
<blockquote cite="https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"> | |||||
<p>Wiki XSS</p> | |||||
<p>Sanitize gem updates</p> | |||||
<p>XSS in url_for(params)</p> | |||||
<p>Content injection via username</p> | |||||
<p>Activity feed publicly displaying internal project names</p> | |||||
<p>Persistent XSS in charts</p> | |||||
</blockquote> | |||||
</body> | |||||
</description> | |||||
<references> | |||||
<cvename>CVE-2018-12606</cvename> | |||||
<cvename>CVE-2018-3740</cvename> | |||||
<cvename>CVE-2018-12605</cvename> | |||||
<cvename>CVE-2018-12607</cvename> | |||||
<url>https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/</url> | |||||
</references> | |||||
<dates> | |||||
<discovery>2018-06-25</discovery> | |||||
<entry>2018-06-25</entry> | |||||
</dates> | |||||
</vuln> | |||||
<vuln vid="17cb6ff3-7670-11e8-8854-6805ca0b3d42"> | <vuln vid="17cb6ff3-7670-11e8-8854-6805ca0b3d42"> | ||||
<topic>phpmyadmin -- remote code inclusion and XSS scripting</topic> | <topic>phpmyadmin -- remote code inclusion and XSS scripting</topic> | ||||
<affects> | <affects> | ||||
<package> | <package> | ||||
<name>phpmyadmin</name> | <name>phpmyadmin</name> | ||||
<range><lt>4.8.2</lt></range> | <range><lt>4.8.2</lt></range> | ||||
</package> | </package> | ||||
</affects> | </affects> | ||||
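Review bot: The Gitlab entry's blockquote lists six issues, but `<references>` carries only four `<cvename>` elements, and nothing in the entry says which item each CVE belongs to or which two items have none. Someone triaging a `pkg audit` hit by CVE id has to open the upstream post to find out; appending the id to each item, e.g. `<p>Wiki XSS (CVE-ID-FROM-ADVISORY)</p>`, with the ids taken from the cited advisory, would make the entry self-contained. The entry also matches only the package name `gitlab`; given the file's own note about port variants, it is worth confirming that no other GitLab package name exists in the tree, since an unlisted variant would not be flagged. The rendered view folds the rest of the file, so neighbouring entries were not checked.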