Log

CVE-2018-18511 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Same-origin policy bypass
Description
+ A cross-origin theft of images issue has been found in the ImageBitmapRenderingContext component of firefox 65.0, where cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. The issue has been fixed in 65.0.1 and versions prior to 65.0 were not affected.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2019-5785
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1526218
Notes
CVE-2018-18520 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=23787
+ https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
Notes
CVE-2018-18521 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=23786
+ https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
Notes
CVE-2018-18557 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ LibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
+ https://gitlab.com/libtiff/libtiff/merge_requests/38
+ https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66
Notes
CVE-2018-18640 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ A security issue has been found in gitlab versions prior to 11.4.3, where private project pages had inadequate cache control, which resulted in unauthorized users being able to view them in the browser.
References
+ https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
+ https://gitlab.com/gitlab-org/gitlab-ce/commit/5e125b0f84ad768d7ff19905d03820f561c21f98
Notes
CVE-2018-18641 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ A security issue has been found in gitlab versions prior to 11.4.3, where personal access tokens were being stored unencrypted as plain text in the database, which could result in attackers potentially reading them via SQL injection or other database leaks.
References
+ https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
+ https://gitlab.com/gitlab-org/gitlab-ce/commit/daed01a5ca348e7d267b50e325bf58185617a0ad
Notes
CVE-2018-18642 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ A security issue has been found in gitlab versions prior to 11.4.3, where the license management and security reports pages lacked input validation and output encoding, which resulted in a persistent XSS.
References
+ https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
Notes
+ Only affects Enterprise Edition, not for us.
CVE-2018-18643 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ A security issue has been found in gitlab versions prior to 11.4.3, where the handling of the fragment identifier (hash) of several pages lacked input validation and output encoding, which resulted in a persistent XSS.
References
+ https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
+ https://gitlab.com/gitlab-org/gitlab-ce/commit/5342df04045e1c8a98fdb9fe8203a816bf240ac8
Notes
CVE-2018-18644 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ A security issue has been found in gitlab versions prior to 11.4.3, where the Prometheus integration was vulnerable to an indirect object reference issue which allowed an unauthorized user to see private information. This information includes the project name, environment name, metric name, and metric query. Additionally, an unauthorized user could create false alarms.
References
+ https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
Notes
+ Only affects Enterprise Edition, not for us.
CVE-2018-18645 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ A security issue has been found in gitlab versions prior to 11.4.3, where, when replying to an issue through email with the GitLab email footer included, a user's unsubscribe link would be included in the issue. This information is considered sensitive.
References
+ https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
+ https://gitlab.com/gitlab-org/gitlab-ce/commit/82c12bd8bf9e0ea9e8df3bbcad91c27fccc709e8
Notes