Monthly Archive: May 2019

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is...

An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary...

An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related...

An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access...

An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to...

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects//languages requests may allow Uncontrolled Resource Consumption. Date published : 2019-05-16 https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/...

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. Date published : 2019-05-16 https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ https://about.gitlab.com/blog/categories/releases/

A security feature bypass vulnerability exists in Dynamics On Premise, aka ‘Microsoft Dynamics On-Premise Security Feature Bypass’. Date published : 2019-05-16 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008

An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit...

A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka ‘Internet Explorer Security Feature Bypass Vulnerability’. Date published : 2019-05-16 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0995

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’. Date published : 2019-05-16 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka ‘.Net Framework and .Net Core Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980....

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka ‘.Net Framework and .Net Core Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981....

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE...