CVE-2015-0241
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute...
An Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for...
An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE...
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This...
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows...
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a...
Zimbra Collaboration 8.7.x – 8.8.11P2 contains non-persistent XSS. Date published : 2020-01-27 https://bugzilla.zimbra.com/show_bug.cgi?id=109122 https://bugzilla.zimbra.com/show_bug.cgi?id=109123
Zimbra Collaboration 8.7.x – 8.8.11P2 contains persistent XSS. Date published : 2020-01-27 https://bugzilla.zimbra.com/show_bug.cgi?id=109122 https://bugzilla.zimbra.com/show_bug.cgi?id=109123
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use-after-free vulnerability. Successful exploitation could lead...
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Date published...
Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2020-01-27 http://jvn.jp/en/jp/JVN97325754/index.html About the vulnerabilities in the F-RevoCRM version 6 series and how to address them
An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. Date published : 2020-01-27 https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ https://gitlab.com/gitlab-org/gitlab-ee/issues/11423
An authorization issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainers from deleting epic comments. Date published : 2020-01-27 https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ https://gitlab.com/gitlab-org/gitlab-ee/issues/11381