E-Commerce Sites Hit With New Attack on Magento

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-13316 PUBLISHED: 2020-09-14

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via a git command line.

CVE-2020-13318 PUBLISHED: 2020-09-14

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack.

CVE-2020-24457 PUBLISHED: 2020-09-14

Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

CVE-2020-25573 PUBLISHED: 2020-09-14

An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.

CVE-2020-25574 PUBLISHED: 2020-09-14

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).



