BIT-JAVA-MIN-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

PT-2026-23480

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

EUVD-2023-47337

Malicious code in bioql PyPI...

UBUNTU-CVE-2024-5528

An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...

Malicious code in yelp-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f281d7fb655f7083b4004d10fb257b419c7aeaf1ea0b79636721d4724aec51d9 The OpenSSF Package Analysis project identified 'yelp-lib' @ 17.1.2 npm as malicious. It is considered malicious because: - The package...

PT-2024-5204 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.6 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 GitLab CE/EE versions 17.2 through 17.2.0 Description: A cross-site scripting issue exists, allowing an attacker to execute arbitrary scripts under the contex...

BIT-GITLAB-2024-6595 Uncontrolled Search Path Element in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data...

GitLab 11.8 < 16.11.6 / 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-6595)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to...

Vulnerability fixed in GitLab CE/EE

GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...

CVE-2024-2880

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with admingroupmember custom role permission could ban group members...

CVE-2024-5470

Removed by vendor...

GitLab CE/EE Security Vulnerabilities

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE. An attacker exploiting the...

PT-2024-4667 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.8 through 16.11.6 GitLab CE/EE versions 17.0 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 Description: An issue was discovered in GitLab CE/EE, which allows an attacker to trigger a pipeline as another use...

Safari < 17.1.2 Multiple Vulnerabilities

Binary data 701455.pasl...

Apple Safari Security Update (HT214033)

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

CVE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

Input validation

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versio...

CVE-2023-42916

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versio...