CVE-2025-11974 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 11.7 through 18.3...

Linux Distros Unpatched Vulnerability : CVE-2025-26625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the content...

PT-2025-43139

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.7 through 18.3.5 GitLab CE/EE versions 18.4 through 18.4.3 GitLab CE/EE versions 18.5 through 18.5.1 Description An unauthenticated attacker could create a denial of service condition by uploading large files to specif...

SUSE CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVE-2025-26625

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

EUVD-2025-34886

Git LFS may write to arbitrary files via crafted symlinks...

CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

EUVD-2014-1902

Malware in sbrugna...

EUVD-2017-0128

Malware in sbrugna...

EUVD-2007-0537

Malware in sbrugna...

EUVD-2014-6977

Malware in sbrugna...

EUVD-2007-0562

Malware in sbrugna...

EUVD-2017-18000

Malware in sbrugna...

EUVD-2017-10228

Malware in sbrugna...

SUSE CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...

EUVD-2025-32518

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...

CVE-2025-59729

CVE-2025-59729 affects FFmpeg’s DHAV handling. The provided technical description shows an integer underflow in the offset calculation when parsing a DHAV header, causing a 32-bit offset read to reference data outside the allocated buffer. In large DHAV files (e.g., > 0x100000 bytes), the end_...

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

EUVD-2024-29841

Malicious code in bioql PyPI...