An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project.

An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition.

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.

The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.

GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

GitLab through 12.7.2 allows XSS.

GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).

GitLab EE 11.0 and later through 12.7.2 allows XSS.

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).

GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.

It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.