Lucene search

21 matches found

Github Security Blog
added 2026/01/29 3:21 p.m. · 9 views

Juju has broken CMR authorization

Impact Cross-model Relation authorization is broken and has a potential security vulnerability. If the controller does not have the root key to verify the macaroon or if the macaroon has expired, an unvalidated and therefore untrusted macaroon is used to extract declared caveats. Facts from these...

2.1 CVSS · 5.9 AI score · 0.00012 EPSS
Exploits 0 · References 4 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-24454

Malicious code in bioql PyPI...

3.5 CVSS · 3.6 AI score · 0.00197 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2024-16553

Malicious code in bioql PyPI...

9.6 CVSS · 9.4 AI score · 0.00103 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions...

3.5 CVSS · 4.9 AI score · 0.00197 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 11:29 p.m. · 6 views

CVE-2022-1111

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages...

3.5 CVSS · 6.4 AI score · 0.00197 EPSS
Exploits 0 · References 1

OSV
added 2024/03/06 11:16 a.m. · 21 views

BIT-GITLAB-2022-1111

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages...

3.5 CVSS · 3.5 AI score · 0.00197 EPSS
Exploits 0 · References 3

Veracode
added 2023/07/22 9:16 p.m. · 18 views

Authorization Bypass

gitlab is vulnerable to Authorization Bypasses. A business logic error in Project Import under certain conditions may show an unauthorized user in the Access Granted column in the project membership pages, which allows an authenticated attacker to bypass authorizations...

2.7 CVSS · 6.7 AI score · 0.00197 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2022/04/04 8:15 p.m. · 14 views

CVE-2022-1111

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages...

3.5 CVSS · 0.00197 EPSS
Exploits 0 · References 2

OSV
added 2022/04/04 8:15 p.m. · 0 views

UBUNTU-CVE-2022-1111

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages...

2.7 CVSS · 5.8 AI score · 0.00197 EPSS
Exploits 0 · References 4

Prion
added 2022/04/04 8:15 p.m. · 13 views

Race condition

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages...

3.5 CVSS · 3.8 AI score · 0.00197 EPSS
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2022/04/04 7:46 p.m. · 42 views

CVE-2022-1111

Removed by vendor...

3.5 CVSS · 5.8 AI score · 0.00197 EPSS
Exploits 0

CVE
added 2022/04/04 7:46 p.m. · 92 views

CVE-2022-1111

CVE-2022-1111 affects GitLab CE/EE. The bug is a business-logic error in the Project Import feature that, under certain conditions, causes imported projects to display an incorrect user in the ‘Access Granted’ column on project membership pages. Affected versions include GitLab CE/EE 14.9 < 14...

3.5 CVSS · 3.6 AI score · 0.00197 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/04/04 7:46 p.m. · 19 views

CVE-2022-1111

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages...

2.4 CVSS · 4.1 AI score · 0.00197 EPSS
Exploits 0 · References 2

OSV
added 2022/04/04 7:46 p.m. · 15 views

CVE-2022-1111

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages...

2.4 CVSS · 6.3 AI score · 0.00197 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/04/04 12:0 a.m. · 2 views

PT-2022-13665 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.9 prior to 14.9.2; GitLab CE/EE versions 14.8 prior to 14.8.5; GitLab CE/EE versions 14.0 prior to 14.7.7. Description: A business logic error in Project Import under certain conditions caused imported projects to show a...

3.5 CVSS · 3.4 AI score · 0.00197 EPSS
Exploits 0 · References 10

OSV
added 2022/03/18 6:15 p.m. · 22 views

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8 CVSS · 6.9 AI score · 0.00465 EPSS
Exploits 0 · References 7

Cvelist
added 2021/06/17 11:41 p.m. · 12 views

CVE-2021-34553

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...

4.7 AI score · 0.01123 EPSS
Exploits 1 · References 1

NVD
added 2019/03/21 4:0 p.m. · 18 views

CVE-2018-11767

In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms...

7.4 CVSS · 7.9 AI score · 0.02078 EPSS
Exploits 0 · References 5

Atlassian
added 2014/03/11 5:51 a.m. · 19 views

Automatic access added to newly added bitbucket account without notification

Steps to replicate: Add a new bitbucket account to your JIRA OnDemand instance via the DVCS connector. Click on the cog to the right of your new account and view 'configure automatic access'. Result: Automatic access will be set up and membership to the 'developers' group will be granted. Expected...

2.5 AI score
Exploits 0 · Affected Software 1

0day.today
added 2010/12/05 12:0 a.m. · 19 views

MediaCoder-0.7.5.4796.exe 0-days Buffer Overflow (SEH)

Exploit for windows platform in category local exploits. MediaCoder-0.7.5.4796.exe 0-days Buffer Overflow SEH. Date: 04 / 12 / 2010 Author: Oh Yaw Theng Software Link:...

6.8 AI score
Exploits 0