
8663 matches found

Prion
added 2024/01/12 2:15 p.m. · 17 views

Improper access control

An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...

CVSS 5 · AI score 6.6 · EPSS 0.00067
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/01/12 2:15 p.m. · 0 views

UBUNTU-CVE-2023-6955

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...

CVSS 6.6 · AI score 5.8 · EPSS 0.00067
Exploits 0 · References 3

OSV
added 2024/01/12 1:56 p.m. · 32 views

CVE-2023-6955 Missing Authorization in GitLab

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...

CVSS 6.6 · AI score 5.8 · EPSS 0.00067
Exploits 0 · References 4

Cvelist
added 2024/01/12 1:56 p.m. · 20 views

CVE-2023-6955 Missing Authorization in GitLab

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...

CVSS 6.6 · AI score 6.6 · EPSS 0.00067
Exploits 0 · References 1

Debian CVE
added 2024/01/12 1:56 p.m. · 27 views

CVE-2023-6955

Removed by vendor...

CVSS 6.6 · AI score 6.3 · EPSS 0.00067
Exploits 0

CVE
added 2024/01/12 1:56 p.m. · 77 views

CVE-2023-6955

CVE-2023-6955 – Missing authorization check in GitLab Remote Development. The vulnerability affects GitLab Remote Development and is exploitable in all versions prior to 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2. The root cause is a missing authorization check that allows an attacker to...

CVSS 6.6 · AI score 5.6 · EPSS 0.00067
Exploits 0 · References 1 · Affected Software 1

Citrix
added 2024/01/12 12:00 a.m. · 7 views

Is it possible to customize the Virtual Channel function on Citrix Virtual Apps and Desktops ?

The Citrix Virtual Channel software development kit SDK supports writing server-side applications and client-side drivers for more virtual channels using the ICA protocol...

AI score 7.2
Exploits 0

CNNVD
added 2024/01/12 12:00 a.m. · 1 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from an incorrect access...

CVSS 6.6 · AI score 7.2 · EPSS 0.00067
Exploits 0 · References 3

CNVD
added 2024/01/12 12:00 a.m. · 29 views

Microsoft .NET Denial of Service Vulnerability (CNVD-2024-02713)

Microsoft .NET is a software framework dedicated to agile software development, rapid application development, platform-agnosticism, and web transparency. A denial of service vulnerability exists in Microsoft .NET, which can be exploited by attackers to cause a denial of service...

CVSS 7.5 · AI score 6.4 · EPSS 0.00934
Exploits 0 · References 1

UbuntuCve
added 2024/01/12 12:00 a.m. · 19 views

CVE-2023-6955

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...

CVSS 6.6 · AI score 6.4 · EPSS 0.00067
Exploits 0 · References 2

The Hacker News
added 2024/01/11 2:00 p.m. · 26 views

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems CMS, and SaaS platforms such as Amazon Web Services AWS, Microsoft 365, PayPal, Sendgrid, and Twilio. "Key features include credential harvesting for spamming attacks,...

AI score 7.2
Exploits 0

CNVD
added 2024/01/10 12:00 a.m. · 20 views

Siemens Solid Edge Buffer Overflow Vulnerability (CNVD-2024-01408)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. A buffer overflow vulnerability exists in Samsung Solid Edge, which can be exploited by an attacker to execute code in the context of th...

CVSS 7.8 · AI score 7.5 · EPSS 0.0015
Exploits 0 · References 1

CNVD
added 2024/01/10 12:00 a.m. · 15 views

Siemens Solid Edge Uninitialized Pointer Access Vulnerability (CNVD-2024-01400)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. An uninitialized pointer access vulnerability exists in Siemens Solid Edge, which can be exploited by an attacker to execute code in the...

CVSS 7.8 · AI score 7.1 · EPSS 0.00166
Exploits 0 · References 1

AlmaLinux
added 2024/01/10 12:00 a.m. · 32 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause global buffer overflow CVE-2023-39615 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

CVSS 6.5 · AI score 7.7 · EPSS 0.00117
Exploits 1 · References 4

CNVD
added 2024/01/10 12:00 a.m. · 14 views

Siemens Solid Edge Buffer Overflow Vulnerability (CNVD-2024-01407)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. A buffer overflow vulnerability exists in Samsung Solid Edge, which can be exploited by an attacker to execute code in the context of th...

CVSS 7.8 · AI score 7.5 · EPSS 0.0015
Exploits 0 · References 1

Positive Technologies
added 2024/01/10 12:00 a.m. · 3 views

PT-2024-13757 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: An insufficient entropy issue exists in the userRecoverPass.php recoverPass generation functionality. This can be exploited by sending a specially crafted HTTP request, potentially leading...

CVSS 8.8 · AI score 8.9 · EPSS 0.00247
Exploits 1 · References 3

CNVD
added 2024/01/10 12:00 a.m. · 17 views

Siemens Solid Edge Uninitialized Pointer Access Vulnerability (CNVD-2024-01401)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. An uninitialized pointer access vulnerability exists in Siemens Solid Edge, which can be exploited by an attacker to execute code in the...

CVSS 7.8 · AI score 7.1 · EPSS 0.00127
Exploits 0 · References 1

CNVD
added 2024/01/10 12:00 a.m. · 16 views

Siemens Solid Edge Out-of-Bounds Write Vulnerability (CNVD-2024-01403)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code in the context...

CVSS 7.8 · AI score 7.2 · EPSS 0.00127
Exploits 0 · References 1

CNVD
added 2024/01/10 12:00 a.m. · 13 views

Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2024-01405)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...

CVSS 7.8 · AI score 7 · EPSS 0.00166
Exploits 0 · References 1

OSV
added 2024/01/09 4:15 p.m. · 3 views

AZL-39559 CVE-2022-36763 affecting package hvloader for versions less than 1.0.1-3

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

CVSS 7.8 · AI score 7 · EPSS 0.0006
Exploits 0 · References 1