
2121 matches found

RedhatCVE
added 2021/01/26 7:53 p.m. | 22 views

CVE-2021-23954

The Mozilla Foundation Security Advisory describes this flaw as: Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash...

8.8 CVSS | 2.7 AI score | 0.01109 EPSS
Exploits 0 | References 4
Huawei
added 2021/01/13 12:0 a.m. | 36 views

Security Advisory - Logic Vulnerability in Huawei Gauss100 Product

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Vulnerability ID: HWPSIRT-2020-94600 This...

6.5 CVSS | 6.9 AI score | 0.00913 EPSS
Exploits 0 | Affected Software 1
Metasploit
added 2021/01/06 5:41 p.m. | 90 views

WordPress Total Upkeep Unauthenticated Backup Downloader

This module exploits an unauthenticated database backup vulnerability in WordPress plugin 'Boldgrid-Backup' also known as 'Total Upkeep' version use auxiliary/scanner/http/wptotalupkeepdownloader msf auxiliarywptotalupkeepdownloader show actions ...actions... msf auxiliarywptotalupkeepdownloader...

7.5 CVSS | 6.9 AI score | 0.01095 EPSS
Exploits 2
ThreatPost
added 2021/01/06 3:5 p.m. | 28 views

Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack

The U.S. government has identified Russia as the “likely” culprit behind the widespread SolarWinds cyberattack that has so far affected multiple federal agencies and private-sector companies. Cyberespionage is cited as the motivation behind the attack, which the feds characterized as ongoing. In ...

7.3 AI score
Exploits 0 | References 20
OSV
added 2020/12/30 2:15 a.m. | 6 views

CVE-2020-35850

An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think it is a big real-life issue...

6.5 CVSS | 6.3 AI score
Exploits 0 | References 2
Prion
added 2020/12/30 2:15 a.m. | 14 views

Server side request forgery (ssrf)

An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think it is a big real-life issue...

4 CVSS | 6.3 AI score | 0.01643 EPSS
Exploits 2 | References 2 | Affected Software 1
UbuntuCve
added 2020/12/30 2:15 a.m. | 21 views

CVE-2020-35850

An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think it is a big real-life issue...

6.5 CVSS | 6.6 AI score | 0.01643 EPSS
Exploits 2 | References 3
NVD
added 2020/12/11 5:15 a.m. | 16 views

CVE-2020-26411

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x =13.4 to =13.5 to =13.6 to 13.6.2. Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused...

4.3 CVSS | 4.5 AI score | 0.01202 EPSS
Exploits 0 | References 2
OSV
added 2020/12/11 5:15 a.m. | 17 views

CVE-2020-26411

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x =13.4 to =13.5 to =13.6 to 13.6.2. Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused...

4.3 CVSS | 6.6 AI score | 0.01202 EPSS
Exploits 0 | References 2
UbuntuCve
added 2020/12/11 5:15 a.m. | 14 views

CVE-2020-26411

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x =13.4 to =13.5 to =13.6 to 13.6.2. Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused...

4.3 CVSS | 5.8 AI score | 0.01202 EPSS
Exploits 0 | References 4
OSV
added 2020/12/11 5:15 a.m. | 0 views

UBUNTU-CVE-2020-26411

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x =13.4 to =13.5 to =13.6 to 13.6.2. Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused...

4.3 CVSS | 5.8 AI score | 0.01202 EPSS
Exploits 0 | References 5
CVE
added 2020/12/11 4:9 a.m. | 98 views

CVE-2020-26411

CVE-2020-26411 affects GitLab versions 13.4.x (>=13.4 to =13.5 to =13.6 to

4.3 CVSS | 4.6 AI score | 0.01202 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/12/11 4:9 a.m. | 15 views

CVE-2020-26411

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x =13.4 to =13.5 to =13.6 to 13.6.2. Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused...

4.3 CVSS | 4.7 AI score | 0.01202 EPSS
Exploits 0 | References 2
Debian CVE
added 2020/12/11 4:9 a.m. | 20 views

CVE-2020-26411

Removed by vendor...

4.3 CVSS | 5.8 AI score | 0.01202 EPSS
Exploits 0
Veracode
added 2020/12/09 8:59 a.m. | 19 views

Denial Of Service (DoS)

gitlab is vulnerable to denial of service. An attacker is able to cause a denial of service condition in the application using a specific query name for a project search which will cause statement timeouts...

4.3 CVSS | 3.1 AI score | 0.01202 EPSS
Exploits 0 | References 4 | Affected Software 1
Wired Threat Level
added 2020/12/09 1:42 a.m. | 38 views

Russia's FireEye Hack Is a Statement—but Not a Catastrophe

The fallout from the attack may not be as dire as it first sounds...

3.5 AI score
Exploits 0
CNVD
added 2020/12/09 12:0 a.m. | 1 views

Gitlab Denial of Service Vulnerability (CNVD-2020-70850)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A denial of service vulnerability exists in all versions ...

4.3 CVSS | 6.6 AI score | 0.01202 EPSS
Exploits 0 | References 1
CNNVD
added 2020/12/08 12:0 a.m. | 2 views

GitLab Security Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A denial of service vulnerability exists in all versions ...

4.3 CVSS | 5.8 AI score | 0.01202 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2020/12/08 12:0 a.m. | 26 views

FreeBSD : Gitlab -- Multiple vulnerabilities (5d5e5cda-38e6-11eb-bbbf-001b217b3468)

Gitlab reports : XSS in Zoom Meeting URL Limited Information Disclosure in Private Profile User email exposed via GraphQL endpoint Group and project membership potentially exposed via GraphQL Search terms logged in search parameter in rails logs Un-authorised access to feature flag user list A...

6.5 CVSS | 4.8 AI score | 0.01244 EPSS
Exploits 0 | References 7
FreeBSD
added 2020/12/07 12:0 a.m. | 42 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: XSS in Zoom Meeting URL Limited Information Disclosure in Private Profile User email exposed via GraphQL endpoint Group and project membership potentially exposed via GraphQL Search terms logged in search parameter in rails logs Un-authorised access to feature flag user list A...

6.5 CVSS | 1.6 AI score | 0.01244 EPSS
Exploits 0 | References 1