Monthly Archive: February 2020

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

GitLab EE 10.1 through 12.7.2 allows Information Disclosure. Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

GitLab through 12.7.2 allows XSS. Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

GitLab EE 11.0 and later through 12.7.2 allows XSS. Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. Date published : 2020-02-05 http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00005.html https://bugzilla.suse.com/show_bug.cgi?id=1160905

It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and...

A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API. Date...

An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. Date published : 2020-02-05 https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ https://about.gitlab.com/blog/categories/releases/

dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload...