EUVD-2020-5601

Malware in sbrugna...

EUVD-2022-40677

Malicious code in bioql PyPI...

CVE-2020-13344

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis...

GitLab 8.11.0-rc6 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13332)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

GitLab 12.4 < 13.2.10 / 13.3 < 13.3.7 / 13.4 < 13.4.2 (CVE-2020-13340)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log CVE-2020-13340 Note that Nessus has not tested for this issue but has instea...

CVE-2022-38074

SQL Injection vulnerability in VeronaLabs WP Statistics plugin = 13.2.10 versions...

WordPress plugin WP Statistics SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP...

Unspecified Vulnerability in GitLab (CNVD-2020-63395)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions 13.4.2...

GitLab Resource Management Error Vulnerability (CNVD-2020-63397)

GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. A security...

UBUNTU-CVE-2020-13341

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions...

PT-2020-13482 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: An issue has been discovered in GitLab where an insufficient permission check allows an attacker with a developer role to perform...

UBUNTU-CVE-2020-13339

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted...

CVE-2020-13340

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log...

PT-2020-13481 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: A Stored XSS issue has been discovered in the CI Job Log of GitLab. Recommendations: For versions prior to 13.2.10, update to versio...

PT-2020-13485 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: An issue has been discovered in GitLab where session keys are stored in plain-text in Redis. This allows an attacker with Redis acce...

CVE-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitive da...

PT-2020-13483 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: The issue is related to the lack of rate limiting when re-sending confirmation emails. Recommendations: For versions prior to 13.2.1...

Design/Logic Flaw

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled...

Imperva SecureSphere 13 - Remote Command Execution Exploit

Exploit for linux platform in category web applications Title: Imperva SecureSphere 13 - Remote Command Execution Author: rsp3ar Vendor: https://www.imperva.com/products/securesphere/ CVE: N/A Version: 13.0.10, 13.1.10, 13.2.10 Tested on: SecureSphere Virtual Appliance Description PWS is a...