Lucene search

3625 matches found

Prion
added 2020/03/10 6:15 p.m. | 19 views

Code injection

An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not its repository could create a list of merge requests template names. It has excessive algorithmic complexity...

CVSS 4 | AI score 4.6 | EPSS 0.0077
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/03/10 5:9 p.m. | 18 views

CVE-2019-13011

An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not its repository could create a list of merge requests template names. It has excessive algorithmic complexity...

AI score 4.6 | EPSS 0.0077
Exploits 0 | References 2
CVE
added 2020/03/10 5:9 p.m. | 61 views

CVE-2019-13011

CVE-2019-13011 affects GitLab Enterprise Edition 8.11.0 through 12.0.2. An attacker with access to a project (but not its repository) could brute-force enumerate a list of merge request template names, due to excessive algorithmic complexity in the relevant function. The vulnerability has a netwo...

CVSS 4.3 | AI score 4.5 | EPSS 0.0077
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2020/03/10 5:9 p.m. | 21 views

CVE-2019-13011

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.0077
Exploits 0
UbuntuCve
added 2020/03/06 8:15 p.m. | 20 views

CVE-2020-7212

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...

CVSS 7.8 | AI score 7 | EPSS 0.03288
Exploits 0 | References 5
Hacker One
added 2020/02/26 5:7 a.m. | 93 views

Internet Bug Bounty: DirectoryIterator class silently truncates after a null byte

The bug submitted at: https://bugs.php.net/bug.php?id=78863
The security advisory at: https://nvd.nist.gov/vuln/detail/CVE-2019-11045
There's an issue with SPL PHP extension on spl_filesystem_object_construct function. When creating a new DirectoryIterator object spl_filesystem_object_construct functio...

CVSS 4.3 | AI score 7.3 | EPSS 0.08818
Exploits 1
IBM Security Bulletins
added 2020/02/22 12:27 a.m. | 34 views

Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Protect Plus (CVE-2019-14833, CVE-2019-14847, CVE-2019-10218)

Summary Security vulnerabilities in Samba affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-14833 DESCRIPTION: A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new...

CVSS 6.5 | AI score 0.7 | EPSS 0.03515
Exploits 1 | Affected Software 1
OSV
added 2020/02/20 11:26 p.m. | 19 views

GHSA-CMCX-XHR8-3W9P Denial of Service in uap-core when processing crafted User-Agent strings

Impact: Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches: Please update uap-core to >=...

CVSS 5.7 | AI score 7.3 | EPSS 0.02205
Exploits 1 | References 5
ICS
added 2020/02/18 7:0 a.m. | 63 views

GE Healthcare Ultrasound products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: low attack complexity Vendor: GE Healthcare Equipment: Ultrasound Products Vulnerability: Protection Mechanism Failure, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...

CVSS 7.4 | AI score 7.3 | EPSS 0.00428
Exploits 0 | References 11
BDU FSTEC
added 2020/02/17 12:0 a.m. | 2 views

The vulnerability of the IBM Security Identity Manager software lies in the lack of requirements for complexity of user passwords, which allows a perpetrator to gain access to user accounts.

The vulnerability of the IBM Security Identity Manager software is related to the lack of requirements regarding the complexity of user passwords. Exploiting this vulnerability can allow a malicious actor to gain access to user accounts remotely...

CVSS 5.9 | AI score 6.7 | EPSS 0.02017
Exploits 0 | References 5 | Affected Software 1
ICS
added 2020/02/11 12:0 a.m. | 131 views

Siemens PROFINET-IO Stack (Update H)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8 | AI score 7.7 | EPSS 0.01412
Exploits 1 | References 12
Microsoft Secure
added 2020/02/03 5:0 p.m. | 42 views

Guarding against supply chain attacks—Part 2: Hardware risks

The challenge and benefit of technology today is that it’s entirely global in nature. This reality is brought into focus when companies assess their supply chains, and look for ways to identify, assess, and manage risks across the supply chain of an enterprise. Part 2 of the “Guarding against...

AI score 0.1
Exploits 0
OpenVAS
added 2020/01/23 12:0 a.m. | 30 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-2303)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.4 | AI score 6.4 | EPSS 0.02355
Exploits 1 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1428)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 8.6 | EPSS 0.34968
Exploits 8 | References 2
Imperva Blog
added 2019/12/17 6:23 p.m. | 32 views

Cloud Transformation – 2020 Trend #1

The Imperva team is closing out 2019 with a series on the cybersecurity trends we predict will shape the landscape in 2020. Last week, Imperva CTO Kunal Anand mined insights from our global customer base and our research team, Imperva Research Labs, to come up with his top five list of...

AI score 7.3
Exploits 0
Tenable Nessus
added 2019/12/09 12:0 a.m. | 52 views

EulerOS 2.0 SP5 : samba (EulerOS-SA-2019-2547)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname ...

CVSS 6.5 | AI score 6.1 | EPSS 0.03515
Exploits 1 | References 4
Tenable Nessus
added 2019/11/27 12:0 a.m. | 33 views

EulerOS 2.0 SP8 : samba (EulerOS-SA-2019-2303)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user...

CVSS 5.4 | AI score 6.1 | EPSS 0.02355
Exploits 1 | References 3
RedhatCVE
added 2019/11/20 5:37 p.m. | 47 views

CVE-2019-19126

A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...

CVSS 3.3 | AI score 2 | EPSS 0.00409
Exploits 0 | References 3
Tenable Nessus
added 2019/11/08 12:0 a.m. | 65 views

Samba 4.5.x / 4.6.x / 4.7.x / 4.8.x / 4.9.x < 4.9.15 / 4.10.x < 4.10.10 / 4.11.x < 4.11.2 Password Complexity Check Bypass (CVE-2019-14833)

The version of Samba running on the remote host is 4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x prior to 4.9.15, 4.10.x prior to 4.10.10, or 4.11.x prior to 4.11.2. It is, therefore, affected by a password complexity check bypass vulnerability. An authenticated attacker could use this flaw to change their...

CVSS 5.4 | AI score 6 | EPSS 0.02084
Exploits 0 | References 2
OSV
added 2019/11/06 10:15 a.m. | 2 views

ALPINE-CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

CVSS 5.4 | AI score 6.5 | EPSS 0.02084
Exploits 0 | References 1