Security Vulnerabilities - CVEs Published In 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
CVSS Score
7.2
EPSS Score
0.001
Published
2019-12-30
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVSS Score
6.3
EPSS Score
0.001
Published
2019-12-30
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-12-30
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
CVSS Score
7.5
EPSS Score
0.004
Published
2019-12-30
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-12-30
An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-12-30
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-30
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-12-30
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-12-30
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-12-30