Lucene search

242 matches found

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2023-0846

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 8.4 | EPSS 0.02071
Exploits: 1 | References: 4
CNNVD
added 2025/03/26 12:0 a.m. | views: 1

Xiaomi Game center Security Vulnerability

Xiaomi Game center is an application marketplace software from Chinese company Xiaomi. A security vulnerability exists in Xiaomi Game center version 13.10, which stems from improper input validation and could lead to the execution of malicious code...

CVSS 7.8 | AI score 6.8 | EPSS 0.00086
Exploits: 0 | References: 1
Tenable Nessus
added 2024/01/03 12:0 a.m. | views: 31

GitLab 13.8 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22198)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. CVE-2021-22198 Note that...

CVSS 4.3 | AI score 5.1 | EPSS 0.003
Exploits: 0 | References: 4
Tenable Nessus
added 2024/01/03 12:0 a.m. | views: 19

GitLab 10.6 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22197)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses a MR having source and target...

CVSS 4.3 | AI score 5.1 | EPSS 0.00353
Exploits: 0 | References: 3
CNNVD
added 2023/12/25 12:0 a.m. | views: 2

NCP Secure Enterprise Client Security Vulnerability

NCP Secure Enterprise Client is a VPN (Virtual Private Network) client application from NCP Germany. A security vulnerability exists in NCP Secure Enterprise Client versions prior to 13.10, which originates in Support Assistant that allows an attacker to execute DLL files with system privileges by...

CVSS 8.8 | AI score 6.9 | EPSS 0.00149
Exploits: 1 | References: 2
Vulnrichment
added 2023/07/13 2:0 a.m. | views: 14

CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...

CVSS 6.5 | AI score 6.3 | EPSS 0.00135
Exploits: 0 | References: 2
Positive Technologies
added 2023/07/13 12:0 a.m. | views: 1

PT-2023-18352 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.10 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 Description: An issue has been discovered in GitLab CE/EE that may allow users to view new commits to private...

CVSS 6.5 | AI score 6 | EPSS 0.00135
Exploits: 0 | References: 11
Oracle Linux
added 2023/04/05 12:0 a.m. | views: 32

postgresql:13 security update

postgresql 13.10-1 - Resolves: 2173598 - Update to 13.10...

CVSS 8 | AI score 6.7 | EPSS 0.00973
Exploits: 0
CVE
added 2023/03/02 6:12 p.m. | views: 49

CVE-2023-26474

XWiki Platform vulnerability (CVE-2023-26474): Starting with version 13.10, a user with the rights of an existing document content author can execute a text area property via wiki syntax, enabling privilege escalation. The underlying root cause is an unintended execution path for text area proper...

CVSS 9.9 | AI score 9.3 | EPSS 0.02071
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2023/03/02 12:0 a.m. | views: 2

PT-2023-20665 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 13.10 through 14.4.6 XWiki Platform versions 13.10 through 13.10.10 XWiki Platform versions 14.0 through 14.4.6 Description: The issue allows an attacker to use the rights of an existing document content author to...

CVSS 9.9 | AI score 8.7 | EPSS 0.02071
Exploits: 1 | References: 9
ALT Linux
added 2023/02/20 12:0 a.m. | views: 38

Security fix for the ALT Linux 10 package postgresql13 version 13.10-alt1

13.10-alt1 built Feb. 20, 2023 Alexei Takaseev in task 314938 Feb. 8, 2023 Alexei Takaseev - 13.10 Fixes CVE-2022-41862 - Conflicts: 14-1C - 15-1C...

AI score 4.8 | EPSS 0.0032
Exploits: 0
OpenVAS
added 2022/08/26 12:0 a.m. | views: 16

Ubuntu: Security Advisory (USN-2104-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 | AI score 6.7 | EPSS 0.00035
Exploits: 1 | References: 2
CVE
added 2022/08/05 3:9 p.m. | views: 104

CVE-2022-2499

GitLab EE Jira integration contains an insecure direct object reference vulnerability that may allow an attacker to leak Jira issues. Affected GitLab EE versions: 13.10–15.0.4, 15.1–15.1.3, and 15.2–15.2.0. Root cause is an insecure direct object reference in the Jira integration. Remediation by ...

CVSS 4.3 | AI score 4.4 | EPSS 0.00169
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2022/04/08 7:15 p.m. | views: 18

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But ...

CVSS 5.5 | AI score 7.9 | EPSS 0.00699
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2022/01/18 5:15 p.m. | views: 15

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...

CVSS 4 | AI score 6.2 | EPSS 0.00152
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2021/11/09 12:0 a.m. | views: 43

GitLab 11.9.x < 13.8.8 / 13.9.x < 13.9.6 / 13.10.x < 13.10.3 Remote Code Execution

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9 through 13.8.8 / 13.9.6 / 13.10.3. This is the result of improper validation of image files by a 3rd-party file parser Exif-Tool, resulting in a remote command execution. No source data...

CVSS 10 | AI score 9.7 | EPSS 0.94467
Exploits: 30 | References: 3
NVD
added 2021/10/05 1:15 p.m. | views: 13

CVE-2021-39888

In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates...

CVSS 4.3 | EPSS 0.00255
Exploits: 1 | References: 3
OSV
added 2021/07/07 2:15 p.m. | views: 0

UBUNTU-CVE-2021-22233

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details...

CVSS 4.3 | AI score 5.8 | EPSS 0.00186
Exploits: 1 | References: 4
Prion
added 2021/07/07 2:15 p.m. | views: 13

Information disclosure

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details...

CVSS 4 | AI score 3.8 | EPSS 0.00186
Exploits: 1 | References: 2 | Affected Software: 1
Debian CVE
added 2021/07/07 1:22 p.m. | views: 25

CVE-2021-22233

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.00186
Exploits: 1