CVE-2020-2141

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce...

CVE-2020-2141

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce...

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce...

EulerOS 2.0 SP8 : libidn2 (EulerOS-SA-2020-1161)

According to the version of the libidn2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it...

Visma Bug Bounty Program: A user can view the name and number of a customer in another company if the GUID is known

An IDOR vulnerability exists in /api/internal/customerlabels/, allowing an attacker to add a label to a customer in a another company if he has previous knowledge about the UUID. The result is that the name and number of the customer is shown in the attackers context. As all objects in the API ar...

CVE-2019-15583

An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE. When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API...

CVE-2019-15583

An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE. When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API...

Information disclosure

An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE. When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API...

CVE-2019-15583

An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE. When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API...

DEBIAN-CVE-2019-18282

The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead of siphash is used. The hashrn...

OPENSUSE-SU-2019:2613-1 Security update for libidn2

This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels bsc1154884. - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings bsc1154887. This update was import...

Security update for libidn2 (moderate)

openSUSE Security Update: Security update for libidn2 Announcement ID: openSUSE-SU-2019:2613-1 Rating: moderate References: 1154884 1154887 Cross-References: CVE-2019-12290 CVE-2019-18224 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now available. Description:...

CVE-2019-18450

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions...

CVE-2019-18450

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions...

Design/Logic Flaw

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions...

UBUNTU-CVE-2019-18450

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions...

CVE-2019-18450

Removed by vendor...

CVE-2019-18450

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions...

CSV Injection on node label

Summary CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. An authenticated malicious user can insert a crafted formula in the node label that can be later executed on another system after another user has downloaded and opened the node li...

GitLab Information Disclosure Vulnerability (CNVD-2019-42894)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community and...