Lucene search
K

967 matches found

CVE
CVE
added 2024/09/26 11:2 p.m.68 views

CVE-2024-4099

GitLab Enterprise Edition (EE) is affected by CVE-2024-4099 across all versions: 16.0–16.2.x? (as per description: 16.0 up to 17.2.7, 17.3 up to 17.3.3, and 17.4 up to 17.4.0). The underlying issue involves an AI feature that reads unsanitized content, which could allow an attacker to hide prompt...

5.3CVSS4.4AI score0.00278EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/09/26 11:2 p.m.15 views

CVE-2024-4099 Improper Encoding or Escaping of Output in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection...

3.1CVSS6.4AI score0.00278EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/09/26 11:2 p.m.15 views

CVE-2024-4099

Removed by vendor...

5.3CVSS5.8AI score0.00278EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/09/26 11:2 p.m.15 views

CVE-2024-4099 Improper Encoding or Escaping of Output in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection...

3.1CVSS6.7AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2024/09/26 6:15 p.m.10 views

CVE-2024-45989

Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious...

4CVSS0.00315EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.5 views

PT-2024-31874 · Unknown · Monica Ai Assistant

Name of the Vulnerable Software and Affected Versions: Monica AI Assistant desktop application version 2.3.0 Description: The issue allows an attacker to modify the chatbot's answer with an unloaded image, which can exfiltrate the user's sensitive chat data of the current session to a malicious...

4CVSS7.2AI score0.00315EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/09/26 12:0 a.m.15 views

CVE-2024-45989

Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious...

0.00315EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.4 views

PT-2024-6709 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.0 through 17.2.7 GitLab EE versions 17.3 through 17.3.3 GitLab EE versions 17.4 through 17.4.0 Description: An issue has been discovered in GitLab EE affecting the AI feature, which reads unsanitized content. This could...

5.3CVSS6.5AI score0.00278EPSS
Exploits0References12
CVE
CVE
added 2024/09/26 12:0 a.m.42 views

CVE-2024-45989

CVE-2024-45989 affects the Monica AI Assistant desktop application v2.3.0. The vulnerability is a prompt injection that allows an attacker to inject an unloaded image into chatbot answers, enabling exfiltration of the user’s current-session chat data to a malicious third party or attacker-control...

4CVSS6.6AI score0.00315EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/09/25 11:47 a.m.16 views

ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence AI tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of...

6.6AI score
Exploits0
OSV
OSV
added 2024/08/26 8:28 a.m.30 views

BIT-GITLAB-2024-7110 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...

6.4CVSS6.6AI score0.00338EPSS
Exploits0References2
NVD
NVD
added 2024/08/22 4:15 p.m.23 views

CVE-2024-7110

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...

6.4CVSS0.00338EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/08/22 4:15 p.m.14 views

CVE-2024-7110

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...

6.4CVSS6.1AI score0.00338EPSS
Exploits0References2
OSV
OSV
added 2024/08/22 4:15 p.m.1 views

UBUNTU-CVE-2024-7110

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...

6.4CVSS6.1AI score0.00338EPSS
Exploits0References3
CVE
CVE
added 2024/08/22 3:30 p.m.68 views

CVE-2024-7110

CVE-2024-7110 affects GitLab EE, spanning all versions 17.0–17.1.6, 17.2 before 17.2.4, and 17.3 before 17.3.1. The issue allows an attacker to execute arbitrary commands in a victim’s pipeline via prompt injection. The available connected documents consistently describe the vulnerability as a co...

6.4CVSS7.7AI score0.00338EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/22 3:30 p.m.21 views

CVE-2024-7110 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...

6.4CVSS7.9AI score0.00338EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/08/22 3:30 p.m.16 views

CVE-2024-7110

Removed by vendor...

6.4CVSS5.8AI score0.00338EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/22 12:0 a.m.21 views

GitLab 17.1 < 17.1.6 / 17.2 < 17.2.4 / 17.3 < 17.3.1 (CVE-2024-7110)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeli...

6.4CVSS6AI score0.00338EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.5 views

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 17.0 through 17.1.6, 17.2 through 17.2.4, and 17.3 through 17.3.1, which stems from an arbitrary command that can be executed via...

6.4CVSS6.8AI score0.00338EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2024/08/21 12:0 a.m.24 views

Gitlab -- vulnerabilities

Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases Denial of Service by importing maliciously crafted GitHub repository Prompt injection in "Resolve Vulnerabilty" results in arbitrary command execution in victim's pipeline ...

6.5CVSS8.1AI score0.00462EPSS
Exploits0References1
Rows per page
Query Builder