Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (moderate)
openSUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Announcement ID: openSUSE-SU-2020:0045-1 Rating: moderate References: 1122469 1143349 1150397 1152308 1153367 1158590 Cross-References: CVE-2019-16884 Affected Products: openSUSE Leap 15...
Improper access control
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control...
CVE-2019-20142
CVE-2019-20142 affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions 12.3–12.6.1, allowing a Denial of Service. The Red Hat, NVD, OSV, and CVE records corroborate the DoS impact for GitLab CE/EE 12.3–12.6.1. The issued remediation in the public references indicates a patch r...
CVE-2019-20143
Affected product: GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. The issue is described as an Incorrect Access Control vulnerability. The connected Red Hat and OSV notes corroborate the same description; no further root-cause details are provided in the excerpts. The NVD entry li...
CVE-2019-20144
GitLab CVE-2019-20144 affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions 10.8 through 12.6.1, with a root cause described as Incorrect Access Control. The NVD CVSS entries indicate a Network attack vector, Low complexity, and Privileges Required: Low, yielding a medium sev...
CVE-2019-20146
Removed by vendor...
CVE-2019-20148
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control...
CVE-2020-5197
CVE-2020-5197 affects GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1–12.6.1 and is described as an Incorrect Access Control flaw. Connected sources confirm the affected software range and the nature of the issue; no exploit details are provided in the documents. A security release ...
SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2020:0035-1)
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Security issue fixed : CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory bsc1152308. Bug fixes: Update to Docker 19.03.5-c...
Improper access control
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2)...
CVE-2019-19260
Technical details about CVE-2019-19260 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories for affected products and fixes.
CVE-2019-19254
CVE-2019-19254 affects GitLab Community Edition (CE) and Enterprise Edition (EE) from 9.6 up to 12.5, described as an Incorrect Access Control issue. The connected sources confirm the impacted versions and indicate a security release for GitLab 12.5.x (12.5.1) addressing the vulnerability; no exp...
Security Bulletin: Multiple vulnerabilities CVE-2019-0205, CVE-2019-0210 in thrift package
Summary: Multiple vulnerabilities CVE-2019-0205, CVE-2019-0210 in thrift package. Vulnerability Details: CVEID: CVE-2019-0205 DESCRIPTION: In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue...
CVE-2019-15577
An information disclosure vulnerability exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed project milestones to be disclosed via groups browsing...
CVE-2019-15575
A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...
CVE-2019-15576
An information disclosure vulnerability exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint...
CVE-2019-15577
CVE-2019-15577 affects GitLab CE/EE < v12.3.2, < v12.2.6,
CVE-2019-15577
Removed by vendor...
CVE-2019-5486
Removed by vendor...
CVE-2019-15631
CVE-2019-15631 is a remote code execution vulnerability affecting MuleSoft Mule CE/EE 3.x and API Gateway 2.x, described as exploitable to run arbitrary code by a remote attacker and linked to releases before 31 October 2019. The connected records consistently identify the affected product family...