33 matches found
Hackers Infecting Apple App Developers With Trojanized Xcode Projects
Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed...
CVE-2020-13326
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed...
Design/Logic Flaw
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed...
GitLab Github Project Import Restriction Bypass Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A Github project import restriction bypass vulnerability exists in GitLab versions prior to 13.1. A...
CVE-2020-13326
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed...
FreeBSD : Gitlab -- Multiple Vulnerabilities (0a305431-bc98-11ea-a051-001b217b3468)
Gitlab reports : Missing Permission Check on Time Tracking Cross-Site Scripting in PyPi Files API Insecure Authorization Check on Private Project Security Dashboard Cross-Site Scripting in References Cross-Site Scripting in Group Names Cross-Site Scripting in Blob Viewer Cross-Site Scripting in...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Missing Permission Check on Time Tracking Cross-Site Scripting in PyPi Files API Insecure Authorization Check on Private Project Security Dashboard Cross-Site Scripting in References Cross-Site Scripting in Group Names Cross-Site Scripting in Blob Viewer Cross-Site Scripting in...
Remote Code Execution Vulnerability in Application Inspector
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external...
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
On October 22, security researcher Omar Ganiev published a tweet regarding remote code execution vulnerability in PHP-FPM the FastCGI Process Manager running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC proof-of-concept f...
unrar/unrar_fuzzer: Use-of-uninitialized-value in IsRelativeSymlinkSafe
Project: https://github.com/aawc/unrar.git Detailed report: https://oss-fuzz.com/testcase?key=5604229642190848 Project: unrar Fuzzer: libFuzzerunrarfuzzer Fuzz target binary: unrarfuzzer Job Type: libfuzzermsanunrar Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
lcms: Heap-buffer-overflow in TetrahedralInterpFloat
Project: https://github.com/mm2/Little-CMS.git Detailed report: https://oss-fuzz.com/testcase?key=6445740790382592 Project: lcms Fuzzer: libFuzzerlcmscmstransformfuzzer Fuzz target binary: cmstransformfuzzer Job Type: libfuzzerasanlcms Platform Id: linux Crash Type: Heap-buffer-overflow READ 4...
libass: Heap-buffer-overflow in parse_tag
Project: https://github.com/libass/libass.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=4693221439438848 Target: libass Fuzzer: libFuzzerlibassfuzzer Fuzzer binary: libassfuzzer Job Type: libfuzzerasanlibass Platform Id: linux Crash Type: Heap-buffer-overflow READ 1...
Heap-buffer-overflow in cid_parser_new
Project: https://github.com/freetype/freetype2-testing.git...