CVE-2020-10218

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.

Source: CVE-2020-10218

CVE-2020-10084

GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace

Source: CVE-2020-10084

CVE-2020-10089

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,

Source: CVE-2020-10089

CVE-2020-10091

GitLab before 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types.

Source: CVE-2020-10091

CVE-2020-10090

GitLab before 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.

Source: CVE-2020-10090

CVE-2020-10082

GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.

Source: CVE-2020-10082

CVE-2020-10087

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.

Source: CVE-2020-10087

CVE-2020-10086

GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.

Source: CVE-2020-10086

CVE-2020-10088

GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.

Source: CVE-2020-10088

CVE-2020-10085

GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.

Source: CVE-2020-10085