Monthly Archive: November 2019

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte...

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting...

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing,...

An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the...

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute...

An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/ https://about.gitlab.com/blog/categories/releases/

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/ https://about.gitlab.com/blog/categories/releases/

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/...

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/ https://about.gitlab.com/blog/categories/releases/

An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4). Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/ https://about.gitlab.com/blog/categories/releases/

An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/ https://about.gitlab.com/blog/categories/releases/

An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions. Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/ https://about.gitlab.com/blog/categories/releases/

An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4). Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/...

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. Date published : 2019-11-26 https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/ https://about.gitlab.com/blog/categories/releases/