A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. Date published : 2021-03-26 https://security.samsungmobile.com/securityUpdate.smsb https://security.samsungmobile.com
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. Date published : 2021-03-26 https://security.samsungmobile.com/securityUpdate.smsb https://security.samsungmobile.com
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. Date published : 2021-03-26 https://security.samsungmobile.com/securityUpdate.smsb https://security.samsungmobile.com
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and...
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator’s entries were not correctly sanitized....
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information...
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file...
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. Date published : 2021-03-26 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html
In all versions of GitLab, marshalled session keys were being stored in Redis. Date published : 2021-03-26 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22194.json https://gitlab.com/gitlab-org/gitlab/-/issues/262107
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn’t properly redacted. Date published : 2021-03-26 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22184.json https://gitlab.com/gitlab-org/gitlab/-/issues/281676
An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages. Date published : 2021-03-26 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22180.json https://gitlab.com/gitlab-org/gitlab/-/issues/295662
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page Date published : 2021-03-26 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22172.json https://gitlab.com/gitlab-org/gitlab/-/issues/212911
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `–gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of...
In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21. Date published : 2021-03-26 https://github.com/kongchuanhujiao/server/security/advisories/GHSA-8wrg-m8vm-5fvj https://github.com/kongchuanhujiao/server/commit/9a125624f219e496bdf4b07b404816d5a309bdc1