176 matches found
CVE-2025-0838
CVE-2025-0838 describes a heap buffer overflow in Abseil-cpp triggered by oversized args in sized constructors, reserve(), and rehash() for absl::{flat,node}hash{set,map}. This can cause integer overflow when computing the container backing store size and lead to out-of-bounds memory writes. Publ...
CVE-2025-0838 Heap Buffer overflow in Abseil
There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve, and rehash methods of absl::flat,nodehashset,map did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer...
RockyLinux 8 : libsoup (RLSA-2025:0838)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:0838 advisory. libsoup: buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict CVE-2024-52531 Tenable has extracted the preceding description block directly from...
AlmaLinux 8 : libsoup (ALSA-2025:0838)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:0838 advisory. libsoup: buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict CVE-2024-52531 Tenable has extracted the preceding description block directly from...
Oracle Linux 8 : libsoup (ELSA-2025-0838)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-0838 advisory. 2.62.3-7 - Backport upstream patch for CVE-2024-52531 - buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict Resolves: RHEL-76376 Tenable has...
RHEL 5 : pki (RHSA-2010:0838)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0838 advisory. Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure PKI deployments. Simple...
CVE-2024-0838
creationtimestamp| type| source ---|---|--- 2024-03-09 01:01:34+00:00| seen| https://t.me/ctinow/203702...
BIT-GITLAB-2023-2620 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
CVE-2024-0838 Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-0838
CVE-2024-0838 affects the Happy Addons for Elementor WordPress plugin. It allows Stored XSS via the Age Gate’s side image URL parameter in all versions up to 3.10.1, exploitable by authenticated users with contributor access or higher. The root cause is insufficient input sanitization and output ...
GitLab < 15.8.5 (SECURITY-RELEASE-GITLAB-15-10-1-RELEASED)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A...
CVE-2023-2620
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
CVE-2023-0838
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342...
CVE-2023-0838
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342...
CVE-2023-0838
GitLab CVE-2023-0838 affects GitLab CE/EE versions 15.1–15.8.4, 15.9.0–15.9.3, and 15.10.0–15.10.0 (i.e., before 15.8.5, 15.9.4, and 15.10.1). The issue allows a maintainer to modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL, addressing an incomplete fix fo...
GitLab 15.1 < 15.8.5 / 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-0838)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook...
Oracle Linux 8 : samba (ELSA-2023-0838)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0838 advisory. - related: rhbz2154369 - Add additional patch for CVE-2022-38023 - resolves: rhbz2154369 - Fix CVE-2022-38023 - resolves: rhbz2108331 - Fix CVE-2022-32742 Tenab...
Rocky Linux 8 : samba (RLSA-2023:0838)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0838 advisory. - Netlogon RPC Elevation of Privilege Vulnerability CVE-2022-38023 Note that Nessus has not tested for this issue but has instead relied only on the application'...
CVE-2021-0838
CVE-2021-0838 is listed in the Android 12 release notes under the System component with Android bug ID A-170491114, classified as ID (Information disclosure) and rated Moderate. The connected document confirms the CVE entry exists and provides only the type and severity information; no root-cause...