Lucene search
+L

108 matches found

ubuntucve
ubuntucve
added 2023/09/29 7:15 a.m.16 views

CVE-2023-3920

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the...

4.3CVSS5.8AI score0.00381EPSS
Exploits0References1
veracode
veracode
added 2023/08/06 2:34 p.m.20 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles project forks. An attacker can exploit this vulnerability to access data of an internal repository through a public project fork, even if the attacker does not have permissions t...

7.5CVSS6.4AI score0.01003EPSS
Exploits0References3Affected Software1
osv
osv
added 2023/07/13 2:15 a.m.10 views

UBUNTU-CVE-2023-2190

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...

6.5CVSS6.5AI score0.00663EPSS
Exploits0References4
code423n4
code423n4
added 2023/07/13 12:0 a.m.6 views

The fork mechanism of Nouns lacks a fork cooling-off period/clarification period/remedial period mechanism, which cannot resist someone maliciously inciting the emotions of DAO members and triggering impulsive forks

Lines of code Vulnerability details Impact It's important that forking happen rarely. Once a fork occurs, it cannot be canceled. It is not a good thing for DAO to happen. It is necessary to ensure that DAO members propose a fork after calm deliberation. The current Nouns forking mechanism lacks a...

7.1AI score
Exploits0
ptsecurity
ptsecurity
added 2023/07/13 12:0 a.m.8 views

PT-2023-18352 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.10 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 Description: An issue has been discovered in GitLab CE/EE that may allow users to view new commits to private...

6.5CVSS6AI score0.00663EPSS
Exploits0References11
cvelist
cvelist
added 2023/05/26 9:49 p.m.40 views

CVE-2023-31128 NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection

NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...

8.1CVSS9.1AI score0.03344EPSS
Exploits1References5
redhat
redhat
added 2023/05/16 8:43 a.m.4 views

kernel: use-after-free related to leaf anon_vma double reuse

A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...

5.5CVSS6.6AI score0.00971EPSS
Exploits3References5
thn
thn
added 2023/05/05 9:52 a.m.3 views

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Installs Compromised

PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json wit...

7.1AI score
Exploits0
ptsecurity
ptsecurity
added 2023/04/05 12:0 a.m.4 views

PT-2023-13316 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.10 through 15.8.4 GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab that allows an attacker to disclose branch names when they have a fork of a...

3.7CVSS6.4AI score0.00795EPSS
Exploits0References12
kitploit
kitploit
added 2022/12/17 11:30 a.m.37 views

Octosuite - Advanced Github OSINT Framework

A framework fro gathering osint on GitHub users, repositories and organizations Wiki Refer to the Wiki for installation instructions, in addition to all other documentation. Features Fetches an organization's profile information Fetches an oganization's events Returns an organization's repositori...

7.2AI score
Exploits0References3
ptsecurity
ptsecurity
added 2022/11/02 12:0 a.m.4 views

PT-2022-28210 · Ckb · Ckb

Name of the Vulnerable Software and Affected Versions: ckb versions prior to 0.101.1 Description: The issue arises from the HeaderCheckercheck valid function skipping main chain checking, which can lead to network forking if a transaction uses a forked block header not present in the local node's...

7AI score
Exploits0References4
code423n4
code423n4
added 2022/10/21 12:0 a.m.12 views

Upgraded Q -> M from 964 [1666360503408]

Judge has assessed an item in Issue 964 as Medium risk. The relevant finding follows: Non-critical: EIP712 signatures on GolomTrader could be replayed in case of blockchain forks The chainId is burnt into EIP712DOMAINTYPEHASH rather than checked each time. This means that signatures could be...

6.8AI score
Exploits0
bdu_fstec
bdu_fstec
added 2022/04/05 12:0 a.m.8 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control, allowing attackers to gain access to confidential data.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient restrictions on access to project forks. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data...

7.5CVSS7.2AI score0.01084EPSS
Exploits0References4Affected Software1
code423n4
code423n4
added 2022/03/30 12:0 a.m.7 views

Using the native payable.transfer to send ETH in WithdrawFacet

Lines of code Vulnerability details Impact The withdraw function in WithdrawFacet uses the native transfer keyword to send ETH, which is considered unsafe because of the fixed gas budget, and its functionality could be broken in some circumstances: 1. The receiver consumes more than 2300 amounts ...

6.8AI score
Exploits0
cnnvd
cnnvd
added 2021/12/13 12:0 a.m.5 views

Matkt Hyperledger Besu 安全漏洞

Matkt Hyperledger Besu is an open source application from Matkt. It is used to run, maintain, debug and monitor nodes in the Ethernet network. A security vulnerability exists in Besu starting in version 21.10.0, which stems from changes in the software implementation of the SHL, SHR, and SAR...

7.5CVSS7.3AI score0.01417EPSS
Exploits0References4
cnnvd
cnnvd
added 2021/07/06 12:0 a.m.6 views

GitLab安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...

7.5CVSS5.7AI score0.01084EPSS
Exploits0References3
nessus
nessus
added 2021/07/06 12:0 a.m.10 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (8ba8278d-db06-11eb-ba49-001b217b3468)

Gitlab reports : DoS using Webhook connections CSRF on GraphQL API allows executing mutations through GET requests Private projects information disclosure Denial of service of user profile page Single sign-on users not getting blocked Some users can push to Protected Branch with Deploy keys A...

6.3AI score
Exploits0References2
freebsd
freebsd
added 2021/07/01 12:0 a.m.18 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: DoS using Webhook connections CSRF on GraphQL API allows executing mutations through GET requests Private projects information disclosure Denial of service of user profile page Single sign-on users not getting blocked Some users can push to Protected Branch with Deploy keys A...

6.6AI score
Exploits0References1
cnnvd
cnnvd
added 2021/03/03 12:0 a.m.5 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that allows bypassing restrictions tha...

6.5CVSS6.5AI score0.0081EPSS
Exploits0References1
github
github
added 2020/09/01 3:29 p.m.72 views

Cross-Site Scripting in bootstrap-tagsinput

All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation This package is not actively maintained, and has not seen...

1.4AI score0.0067EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder