CVE-2023-5512
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect...
CVE-2023-5512
CVE-2023-5512 affects GitLab CE/EE and concerns file integrity being compromised when specific HTML encoding is used for file names, causing incorrect UI representations. Affected versions: 16.3–16.4.3, 16.5–16.5.3, and 16.6–16.6.1. Root cause is a UI/filename encoding issue; no exploit details a...
CVE-2023-5512 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect...
CVE-2023-5512
Removed by vendor...
CVE-2023-6051
CVE-2023-6051 (GitLab CE/EE) affects GitLab releases prior to 16.4.4, all 16.5 releases before 16.5.4, and all 16.6 releases before 16.6.2, with file integrity potentially compromised when pulling source code or installation packages from a specific tag. The connected sources consistently describ...
CVE-2023-6051 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag...
CVE-2023-6051
Removed by vendor...
GitLab Code Injection Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. GitLab suffers from a code injection vulnerability that stems from the fact th...
PT-2023-32491 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 16.4.4 GitLab CE/EE versions 16.5 through 16.5.3 GitLab CE/EE versions 16.6 through 16.6.1 Description: An issue has been discovered in GitLab CE/EE that may compromise file integrity when source code or...
GitLab 16.3 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-5512)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrit...
GitLab 0 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-6051)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be...
CVE-2023-49298
CVE-2023-49298 affects OpenZFS on Linux. OpenZFS versions 2.1.13 and 2.2.x up to 2.2.1 can, in certain scenarios where applications rely on efficient copying of file data, replace file contents with zero-valued bytes, potentially disabling security mechanisms. The underlying issue involves checki...
Qualys FIM Playbook for PCI 4.0
This File Integrity Monitoring FIM playbook is your comprehensive guide to establishing and maintaining an effective FIM program aligned with the latest PCI DSS 4.0 standards. By meticulously monitoring and ensuring the integrity of vital files and configurations, your organization can bolster it...
The vulnerability of the AppleMobileFileIntegrity component in operating systems such as iPadOS, tvOS, iOS, and watchOS allows attackers to circumvent existing security restrictions.
The vulnerability of the AppleMobileFileIntegrity component in operating systems such as iPadOS, tvOS, iOS, and watchOS is related to the lack of protection for service data. It is also associated with deficiencies in access control. Exploiting this vulnerability could allow attackers to circumve...
PCI DSS 4.0 FIM Requirements Simplified with Qualys File Integrity Monitoring
File Integrity Monitoring FIM is one of the essential requirements under PCI DSS 4.0. It helps organizations detect and respond to unauthorized changes in critical system files, configuration files, or content files, which is crucial for maintaining the security of cardholder data. Organizations...
CVE-2023-36851
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...
PT-2023-8420 · Apple · Applemobilefileintegrity +4
Name of the Vulnerable Software and Affected Versions: AppleMobileFileIntegrity versions prior to macOS Sonoma 14 Safari versions prior to iOS 17 Safari versions prior to iPadOS 17 Description: The issue is related to errors in processing permissions in the AppleMobileFileIntegrity component of t...
CVE-2023-36846
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is ab...