» 2019 » 12월

CVE-2018-20507

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20507

An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Source: CVE-2018-20507

CVE-2018-20498

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20498

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Source: CVE-2018-20498

CVE-2018-20499

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20499

An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

Source: CVE-2018-20499

CVE-2018-20488

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20488

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.

Source: CVE-2018-20488

CVE-2012-5663

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2012-5663

The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).

Source: CVE-2012-5663

CVE-2013-0196

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2013-0196

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using ‘Basic authentication’ and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

Source: CVE-2013-0196

CVE-2018-20490

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20490

An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

Source: CVE-2018-20490

CVE-2013-0264

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2013-0264

An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it.

Source: CVE-2013-0264

CVE-2018-20489

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20489

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Source: CVE-2018-20489

CVE-2013-2016

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2013-2016

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host’s qemu address space and thus increase their privileges on the host.

Source: CVE-2013-2016