Lucene search
K

91 matches found

OSV
OSV
added 2023/04/05 12:0 a.m.16 views

CVE-2023-0450

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users...

3.7CVSS9.3AI score0.00683EPSS
Exploits0References5
CVE
CVE
added 2023/04/05 12:0 a.m.88 views

CVE-2023-0450

GitLab CVE-2023-0450 affects all versions from 8.1 to 15.8.5, 15.9 up to 15.9.4, and 15.10 up to 15.10.1. The issue allows adding a branch with an ambiguous name that could be used to social engineer users. The provided documents do not specify a concrete root cause in code, a fixed patch version...

4.6CVSS4.5AI score0.00683EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/31 12:0 a.m.51 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (54006796-cf7b-11ed-a5d5-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 54006796-cf7b-11ed-a5d5-001b217b3468 advisory. - Gitlab reports: Cross-site scripting in Maximum page reached page Private project guests can...

9.8CVSS6.3AI score0.01242EPSS
Exploits1References17
FreeBSD
FreeBSD
added 2023/03/30 12:0 a.m.57 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Cross-site scripting in "Maximum page reached" page Private project guests can read new changes using a fork Mirror repository error reveals password in Settings UI DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint...

9.8CVSS6.3AI score0.01242EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/02/14 12:0 a.m.39 views

SUSE SLES15 Security Update : podman (SUSE-SU-2023:0326-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0326-1 advisory. podman was updated to version 4.3.1: 4.3.1: Bugfixes - Fixed a deadlock between the podman ps and podman container inspect commands...

7.5CVSS6.5AI score0.02085EPSS
Exploits3References20
OSV
OSV
added 2023/01/10 4:15 a.m.4 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

9.8CVSS7.3AI score0.00693EPSS
Exploits0References2
Prion
Prion
added 2023/01/10 4:15 a.m.26 views

Design/Logic Flaw

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

7.5CVSS9AI score0.00693EPSS
Exploits0References2Affected Software4
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.18 views

SAP NetWeaver和SAP NetWeaver ABAP Server 安全漏洞

SAP NetWeaver and SAP NetWeaver ABAP Server are products of SAP, Germany.SAP NetWeaver is an integrated, service-oriented application platform that provides a development environment for SAP applications. SAP NetWeaver is an integrated, service-oriented application platform that provides a...

9.8CVSS8.2AI score0.00693EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/11/08 12:0 a.m.15 views

RHEL 8 : libreoffice (RHSA-2022:7461)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7461 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

7.5CVSS7.7AI score0.00965EPSS
Exploits0References6
Code423n4
Code423n4
added 2022/10/10 12:0 a.m.8 views

Direct usage of execute() may leave unintended replayable orders

Lines of code Vulnerability details Impact A user might unexpectedly have his order replayed. Proof of Concept The usage of execute is ambiguous. Either the user attemps to match and execute any two already placed orders, or he has found an order of interest and calls execute with a new order...

7.1AI score
Exploits0
Veracode
Veracode
added 2022/09/30 7:10 a.m.18 views

Regular Expression Denial Of Service (ReDoS)

d3-color is vulnerable to regular expression denial of service. The vulnerability exists due to an ambiguous regular expression allowing an attacker to exploit the vulnerability by causing backtracking via a maliciously crafted string...

4.6AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.12 views

Ambiguous situation exists for calling triggerDepeg and triggerEndEpoch functions when block.timestamp is set to epochEnd

Lines of code Vulnerability details Impact As shown by the following isDisaster modifier, which is used by the triggerDepeg function below, and the triggerEndEpoch function below, when block.timestamp is set to epochEnd, both of the triggerDepeg and triggerEndEpoch functions are allowed to be...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/08/17 12:0 a.m.41 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-2218)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...

7.5CVSS7.2AI score0.02693EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.5 views

F-secure Atlant 安全漏洞

F-secure Atlant is a platform for building applications that can scan and detect malicious files from the Finnish company F-secure. A security vulnerability exists in F-secure Atlant that stems from a scanning of ambiguous APK files that can cause the scanning engine to crash...

7.5CVSS7.3AI score0.00398EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.3 views

jetty: Ambiguous paths can access WEB-INF

In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...

5.3CVSS7.4AI score0.82371EPSS
Exploits7References5
OSV
OSV
added 2021/11/18 4:2 p.m.9 views

GHSA-77VH-XPMG-72QH Clarify `mediaType` handling

Impact In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches The Image Specification will be updated to recommend that both manifest and index...

3CVSS6.9AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/11/18 4:2 p.m.38 views

Clarify `mediaType` handling

Impact In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches The Image Specification will be updated to recommend that both manifest and index...

1.9AI score
Exploits0References5Affected Software1
Amazon
Amazon
added 2021/11/18 12:0 a.m.53 views

Medium: containerd, docker

Issue Overview: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 and versions of...

5CVSS6.9AI score0.02085EPSS
Exploits0
Metasploit
Metasploit
added 2021/11/13 5:42 p.m.1859 views

Jetty WEB-INF File Disclosure

Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder. Versions effected are: 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, bu...

5.3CVSS7.1AI score0.99298EPSS
Exploits11
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.24 views

Mozilla Firefox Security Advisory (MFSA2012-28) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

2.6CVSS9.5AI score0.01858EPSS
Exploits0References3
Rows per page
Query Builder