2483 matches found
Security Bulletin: WML CE: In Pillow before 7.1.0, there is a Buffer Overflow
Summary In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. PyTorch and TensorFlow uses Pillow. Vulnerability Details CVEID: CVE-2020-10378 DESCRIPTION: Pillow could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when readin...
Security Bulletin: WML CE: WML CE: SQLite through 3.32.0 has various security issues.
Summary TensorFlow in WML CE uses SQLite as its embedded SQL database engine. SQLite through 3.32.0 has various security issues. Vulnerability Details CVEID: CVE-2020-13631 DESCRIPTION: SQLite could allow a remote attacker to bypass security restrictions, caused by a flaw in the alter.c and...
CVE-2020-13264
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token...
CVE-2020-13264
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
Code injection
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13272
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...
CVE-2020-13272
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...
Authorization
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...
CVE-2020-13272
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link...
Code injection
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link...
CVE-2020-13264
GitLab CE/EE versions 10.3–13.0.1 are affected by CVE-2020-13264, which allows other group maintainers to view Kubernetes cluster tokens due to token disclosure. The issue affects GitLab’s Kubernetes integration/token handling (no details on exploit vector beyond token exposure). Fixes are availa...
CVE-2020-13264
Removed by vendor...
CVE-2020-13261
CVE-2020-13261 affects GitLab CE/EE 12.6 through 13.0.1, where Amazon EKS credentials can be disclosed to other administrators via HTML source code. Connected sources confirm the vulnerability and affected ranges, but do not provide concrete exploit steps or a published remediation version. The i...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13261
Removed by vendor...
CVE-2020-13273
Removed by vendor...
CVE-2020-13273
CVE-2020-13273 is a Denial of Service vulnerability affecting GitLab CE/EE 12.0 through 13.0.1, causing exhaustion of system resources. The connected documents collectively confirm the affected versions and impact but do not provide the root cause details or explicit remediation steps in the supp...
CVE-2020-13272
GitLab CVE-2020-13272 affects GitLab CE/EE versions 12.3 through 13.0.1, where the OAuth authorization code flow lacks verification checks. The root cause is missing verification in the OAuth flow, allowing an unverified user to complete the authorization code flow. Public details in connected do...