On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated...
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. Date published : 2020-03-27 https://support.f5.com/csp/article/K70275209
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset...
It’s possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition...
Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This...
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions....
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and...
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. Date published : 2020-03-27 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. Date published : 2020-03-27 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://www.debian.org/security/2020/dsa-4691
GitLab through 12.9 is affected by a potential DoS in repository archive download. Date published : 2020-03-27 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. Date published : 2020-03-27 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. Date published : 2020-03-27 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. Date published : 2020-03-27 https://cert.vde.com/en-us/advisories/vde-2020-013
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. Date published : 2020-03-27 https://cert.vde.com/en-us/advisories/vde-2020-012