A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13273.json https://gitlab.com/gitlab-org/gitlab/-/issues/207349
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13272.json https://gitlab.com/gitlab-org/gitlab/-/issues/37038
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13265.json https://gitlab.com/gitlab-org/gitlab/-/issues/121664
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13264.json https://gitlab.com/gitlab-org/gitlab/-/issues/55302
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. Date published...
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link Date...
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13261.json https://gitlab.com/gitlab-org/gitlab/-/issues/199242
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container’s log file...
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the...
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according...
An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with , and adns_qf_quoteok_query was specified, qdparselabel would read additional...
An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in...
An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote...
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. Date published : 2020-06-18 http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=blob;f=changelog https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html