46 matches found
CVE-2020-13266
CVE-2020-13266 affects GitLab CE/EE 12.8–13.0.1, with insecure authorization in Project Deploy Keys. The issue allows a user to update permissions on other users’ deploy keys under certain conditions. No exploitation details are provided in the supplied documents. Affected components: GitLab Depl...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: User Email Verification Bypass; OAuth Flow Missing Email Verification Checks; Notification Email Verification Bypass; Undisclosed Vulnerability on a Third-Party Rendering Engine; Group Sign-Up Restriction Bypass; Mirror Project Owner Impersonation; Missing Permission Check on Fork...
Security Bulletin: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services
Summary: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services could allow a remote attacker to gain access to unauthorized actions and data. Vulnerability Details: CVEID: CVE-2018-15494. DESCRIPTION: In Dojo Toolkit before 1.14, there is unescaped string injection...
Insecure Authorization
libvirt.so is vulnerable to insecure authorization. The readonly permission was allowed to invoke APIs and this can lead to disclosure of confidential information or allow a remote attacker to cause a denial of service condition by causing libvirt to block...
Insecure Authorization
libmosquitto.so is vulnerable to insecure authorization. An ACL file that is empty, or that contains only blank lines or comments, is treated as not defined, so no topic access is denied. This could lead to access being incorrectly granted and allow an attacker to access or modify resources that are...
Insecure Authorization
loopback allows unauthorized creation of Authentication Tokens. This is due to improper authorization when the AccessToken model is publicly exposed, allowing an attacker, who has knowledge of any target's userId, to create Authentication Tokens for the victim and gain access to the application a...