Security Vulnerabilities - CVEs Published In September 2019
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2019-09-16
The code which checks the HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant-time algorithm instead.
CVSS Score: 9.8 | EPSS Score: 0.098 | Published: 2019-09-16
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2019-09-16
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2019-09-16
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2019-09-16
In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-09-16
OpenEMR v5.0.1-6 allows code execution.
CVSS Score: 7.2 | EPSS Score: 0.004 | Published: 2019-09-16
Tapestry processes assets under `/assets/ctx` using the class chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which does not filter the character `\`, so an attacker can perform a path traversal attack to read arbitrary files on the Windows platform.
CVSS Score: 7.5 | EPSS Score: 0.01 | Published: 2019-09-16
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.
CVSS Score: 6.5 | EPSS Score: 0.012 | Published: 2019-09-16
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2019-09-16