91 matches found
CVE-2023-0450
An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users...
CVE-2023-0450
GitLab CVE-2023-0450 affects all versions from 8.1 to 15.8.5, 15.9 up to 15.9.4, and 15.10 up to 15.10.1. The issue allows adding a branch with an ambiguous name that could be used to social engineer users. The provided documents do not specify a concrete root cause in code, a fixed patch version...
FreeBSD : Gitlab -- Multiple Vulnerabilities (54006796-cf7b-11ed-a5d5-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 54006796-cf7b-11ed-a5d5-001b217b3468 advisory. - Gitlab reports: Cross-site scripting in Maximum page reached page Private project guests can...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Cross-site scripting in "Maximum page reached" page Private project guests can read new changes using a fork Mirror repository error reveals password in Settings UI DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint...
SUSE SLES15 Security Update : podman (SUSE-SU-2023:0326-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0326-1 advisory. podman was updated to version 4.3.1: 4.3.1: Bugfixes - Fixed a deadlock between the podman ps and podman container inspect commands...
CVE-2023-0014
SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...
Design/Logic Flaw
SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...
SAP NetWeaver和SAP NetWeaver ABAP Server 安全漏洞
SAP NetWeaver and SAP NetWeaver ABAP Server are products of SAP, Germany.SAP NetWeaver is an integrated, service-oriented application platform that provides a development environment for SAP applications. SAP NetWeaver is an integrated, service-oriented application platform that provides a...
RHEL 8 : libreoffice (RHSA-2022:7461)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7461 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...
Direct usage of execute() may leave unintended replayable orders
Lines of code Vulnerability details Impact A user might unexpectedly have his order replayed. Proof of Concept The usage of execute is ambiguous. Either the user attemps to match and execute any two already placed orders, or he has found an order of interest and calls execute with a new order...
Regular Expression Denial Of Service (ReDoS)
d3-color is vulnerable to regular expression denial of service. The vulnerability exists due to an ambiguous regular expression allowing an attacker to exploit the vulnerability by causing backtracking via a maliciously crafted string...
Ambiguous situation exists for calling triggerDepeg and triggerEndEpoch functions when block.timestamp is set to epochEnd
Lines of code Vulnerability details Impact As shown by the following isDisaster modifier, which is used by the triggerDepeg function below, and the triggerEndEpoch function below, when block.timestamp is set to epochEnd, both of the triggerDepeg and triggerEndEpoch functions are allowed to be...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-2218)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...
F-secure Atlant 安全漏洞
F-secure Atlant is a platform for building applications that can scan and detect malicious files from the Finnish company F-secure. A security vulnerability exists in F-secure Atlant that stems from a scanning of ambiguous APK files that can cause the scanning engine to crash...
jetty: Ambiguous paths can access WEB-INF
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
GHSA-77VH-XPMG-72QH Clarify `mediaType` handling
Impact In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches The Image Specification will be updated to recommend that both manifest and index...
Clarify `mediaType` handling
Impact In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches The Image Specification will be updated to recommend that both manifest and index...
Medium: containerd, docker
Issue Overview: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 and versions of...
Jetty WEB-INF File Disclosure
Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder. Versions effected are: 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, bu...
Mozilla Firefox Security Advisory (MFSA2012-28) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...