Jan

Name of the Vulnerable Software and Affected Versions: Cypress WICED Studio version 6.2 Description: An issue was discovered in Cypress WICED Studio where a Bluetooth Low Energy (BLE) packet is copied into a Heap buffer. The buffer allocated is four bytes too small to hold the maximum packet size, allowing an attacker to corrupt a pointer in the linked list holding free buffers. This pointer can be controlled by overflowing with packet data and the packet CRC checksum, potentially resulting in a write-what-where condition. Recommendations: For Cypress WICED Studio version 6.2, update to BT SDK2.4 or BT SDK2.45 to resolve the issue. As a temporary workaround, consider restricting the reception of BLE packets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.8 up to 11.3.10 GitLab CE/EE version 11.4 up to 11.4.7 GitLab CE/EE version 11.5 up to 11.5.0 **Description** The issue allows access to the web-UI as a user using a Personal Access Token of any scope, due to an authorization vulnerability. **Recommendations** For GitLab CE/EE versions 8.8 up to 11.3.10, update to version 11.3.11 or later. For GitLab CE/EE version 11.4 up to 11.4.7, update to version 11.4.8 or later. For GitLab CE/EE version 11.5 up to 11.5.0, update to version 11.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Horde Kronolith Calendar Application H4 versions prior to 3.0.17 Horde Groupware Webmail Edition versions prior to 4.0.8 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the tasks view or search view. **Recommendations** For Horde Kronolith Calendar Application H4 versions prior to 3.0.17, update to version 3.0.17 or later. For Horde Groupware Webmail Edition versions prior to 4.0.8, update to version 4.0.8 or later.