The host is installed with Gitlab-ce or Gitlab-ee 8.17 through 12.4 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a permissions issue. Successful exploitation allows attackers to obtain sensitive information.
The host is installed with Gitlab-ee 10.5.x through 12.3.8, 12.4.x through 12.4.5 or 12.5.x through 12.5.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in the Group Search API provided by the Elasticsearch integration. Successful exploitation allows attackers to disclose private code when transferring a public project ...
The host is installed with Gitlab-ee before 12.1.13, 12.2.0 before 12.2.7 or 12.3.0 before 12.3.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an access control issue. Successful exploitation allows attackers to obtain sensitive information.
The host is installed with Gitlab-ce or Gitlab-ee 8.15 through 12.4 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an access control issue. Successful exploitation allows attackers to obtain sensitive information.
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
A microarchitectural timing flaw was found on some Intel processors. In a corner case, data in flight during the eviction process can end up in the fill buffers and not be properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS- or TAA-style attack methods, allowing a local attacker to infer fill buffer values.
A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service. The attacker can also exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.