Free Trial

Web Application Firewall

Multiple vulnerabilities reported in GitLab EE

Overview :

Affected Product(s) :

Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Vulnerability Details :

CVE ID :

CVE-2020-13348

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

CVE ID :

CVE-2020-13349

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Solution :

This vulnerability is currently awaiting analysis.

CVE-2023-39295 : QNAP QUMAGIE UP TO 2.1.2 OS COMMAND INJECTION

What Is A SYN Flood Attacks?

CVE-2023-31403 : SAP SAP BUSINESS ONE 10.0 SMB SHARED FOLDER ACCESS CONTROL

zzcms 2018 template_user.php ml/title code injection

August 26, 2021 No Comments

A vulnerability was found in zzcms 2018 (Content Management System) and classified as critical. This issue affects an unknown function

ZyXEL VPN2S 1.12 Web Server path traversal

September 29, 2021 No Comments

A vulnerability classified as problematic was found in ZyXEL VPN2S 1.12. Affected by this vulnerability is an unknown part of

Zyxel VPN2S 1.12 CGI Program os command injection

September 29, 2021 No Comments

A vulnerability has been found in Zyxel VPN2S 1.12 and classified as critical. This vulnerability affects some unknown processing of

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

July 2, 2021 No Comments

A vulnerability was found in Zyxel USG, USG Flex, Zywall, ATP and VPN up to 4.64 (Firewall Software). It has

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

July 26, 2021 No Comments

A vulnerability was found in ZyXEL GS1900-8 2.60. It has been classified as problematic. This affects an unknown code of

Zynamics BinDiff up to 6 i64 File use after free

June 30, 2021 No Comments

A vulnerability, which was classified as critical, has been found in Zynamics BinDiff up to 6. This issue affects an

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

November 7, 2024 No Comments

Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

November 7, 2024 No Comments

Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could

CVE-2024-50340 : SYMFONY INJECTION

November 7, 2024 No Comments

Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the

Multiple vulnerabilities reported in GitLab EE

Recent Posts

CVE-2023-39295 : QNAP QUMAGIE UP TO 2.1.2 OS COMMAND INJECTION

What Is A SYN Flood Attacks?

CVE-2023-31403 : SAP SAP BUSINESS ONE 10.0 SMB SHARED FOLDER ACCESS CONTROL

Follow Us

zzcms 2018 template_user.php ml/title code injection

ZyXEL VPN2S 1.12 Web Server path traversal

Zyxel VPN2S 1.12 CGI Program os command injection

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

Zynamics BinDiff up to 6 i64 File use after free

Web Application Firewall Solution

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

CVE-2024-50340 : SYMFONY INJECTION