EUVD-2017-3784

Malware in sbrugna...

EUVD-2023-23789

Malicious code in bioql PyPI...

CVE-2023-3210

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content...

GHSA-GPRJ-3P75-F996 Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0

Impact JupyterHub 5.0, when used with GlobusOAuthenticator, could be configured to allow all users from a particular institution only. The configuration for this would look like: python Require users to be using the "foo.horse" identity provider, often an institution or university...

BIT-GITLAB-2023-3210 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content...

CVE-2023-4630

Removed by vendor...

CVE-2023-1555

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...

CVE-2022-4343

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile...

Input validation

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects...

Denial of service

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content...

UBUNTU-CVE-2023-0120

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user...

CVE-2023-4647

Removed by vendor...

CVE-2023-1555

Removed by vendor...

PT-2023-26981 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.2 through 16.2.4 GitLab EE versions 16.3 through 16.3.0 Description: An information disclosure issue in GitLab EE allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming...

FreeBSD : Gitlab -- Vulnerabilities (aaea7b7c-4887-11ee-b164-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the aaea7b7c-4887-11ee-b164-001b217b3468 advisory. - An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before...

PT-2023-26806 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.1 through 16.1.4 GitLab EE versions 16.2 through 16.2.4 GitLab EE versions 16.3 through 16.3.0 Description: An issue has been discovered in GitLab EE where an external user with an owner role on any group can escalate...

GitLab 16.1 < 16.1.5 / 16.2 < 16.2.5 / 16.3 < 16.3.1 (CVE-2023-3915)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an...

GitLab 4.1 < 16.1.5 / 16.2 < 16.2.5 / 16.3 < 16.3.1 (CVE-2023-1279)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was...

CVE-2021-39822

Adobe InDesign versions 16.3 and earlier, and 16.3.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP...

Rocky Linux 9 : webkit2gtk3 (RLSA-2023:0903)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0903 advisory. - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing...