Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise....
GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to...
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers’ pipeline trigger descriptions within the same project. Date published : 2020-04-08 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. Date published : 2020-04-08 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. Date published : 2020-04-08 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. Date published : 2020-04-08 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. Date published : 2020-04-08 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ http://packetstormsecurity.com/files/160441/GitLab-File-Read-Remote-Code-Execution.html
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. Date published : 2020-04-08 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. Date published : 2020-04-08 https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ https://about.gitlab.com/releases/categories/releases/
A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. Date published : 2020-04-08 https://sourceforge.net/p/codeblocks/code/HEAD/tree/trunk/ChangeLog https://sourceforge.net/p/codeblocks/tickets/934/
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the...
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the...
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. Date published : 2020-04-07 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6V3PJEQOT47ZO77263XPGS3Y3AJROI4X/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONNQSW4SSKMG5RUEFZJZA5T5R2WXEGQF/
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a...