19 matches found
PYSEC-2026-58
The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...
BIT-GITLAB-2025-14595 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...
CVE-2025-14595
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...
EUVD-2025-208995
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...
CVE-2025-14595
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...
CVE-2025-14595 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...
CVE-2025-14595
Summary of CVE-2025-14595 (GitLab) A vulnerability in GitLab Enterprise Edition (GitLab EE) allowed an authenticated user with the Planner role to view security category metadata and attributes in the group security configuration, due to insufficient access control. The issue affects GitLab EE ve...
CVE-2025-14595
Removed by vendor...
CVE-2025-14595 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...
PT-2026-27805
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.6 through 18.8.6 GitLab EE versions 18.9 through 18.9.2 GitLab EE versions 18.10 through 18.10.0 Description An issue existed in GitLab EE where, under specific conditions, an authenticated user possessing the Planner rol...
GitLab Enterprise Edition(EE) 安全漏洞
GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE prior to 18.8.7, 18.9.3, and 18.10.1 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow authenticated users with...
EUVD-2020-3481
Malware in sbrugna...
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to...
CVE-2020-11127
u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
GUAC - Aggregates Software Security Metadata Into A High Fidelity Graph Database
Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the "express interest" issue Graph for Understanding Artifact Composition GUAC aggregates software security metadata into a high fidelity graph database—normalizing entity identiti...
CVE-2020-11127
u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2020-11127
u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2020-11127
CVE-2020-11127 affects Qualcomm Snapdragon firmware components (extensible boot loader) across multiple Snapdragon product lines. The issue is described as an integer overflow that can cause a buffer overflow due to a missing table-length check during validation of security metadata while process...
Google Solves Update Issue for Android Apps Installed from Unknown Sources
If you are wondering how to receive latest updates for an Android app—installed via a 3rd party source or peer-to-peer app sharing—directly from Google Play Store. For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does...