942 matches found
CVE-2024-4811
In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts...
CVE-2024-4811
CVE-2024-4811 affects Octopus Server. Affected versions expose a security issue where a user with specific role assignments can access restricted project artifacts under certain conditions. The CVSS 3.1 base score is 2.2 (LOW) with vectors: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N; attack vector is NE...
UBUNTU-CVE-2024-7057
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...
CVE-2024-7057
Removed by vendor...
PT-2024-32991 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified). Description: The issue allows a user with specific role assignments to access restricted project artifacts under certain conditions. Recommendations: At the moment, there is no information about ...
Octopus Server Security Vulnerability
Octopus Server is a deployment automation and release management tool for continuous delivery from Octopus Australia. A security vulnerability exists in Octopus Server that stems from a user with a specific role assignment having access to restricted project artifacts under certain conditions...
FreeBSD : Gitlab -- Vulnerabilities (24c88add-4a3e-11ef-86d7-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 24c88add-4a3e-11ef-86d7-001b217b3468 advisory. Gitlab reports: XSS via the Maven Dependency Proxy Project level analytics settings leaked in...
Ghostscript Command Execution via Format String
This module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2...
CVE-2024-3959
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts to be accessed by any user...
UBUNTU-CVE-2024-3959
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts to be accessed by any user...
CVE-2024-3959
CVE-2024-3959 affects GitLab CE/EE: all versions from 16.7 up to 16.11.5, 17.0 up to 17.0.3, and 17.1 up to 17.1.1. Issue: improper authorization that allows private job artifacts to be accessed by any user. Impact: exposure of private artifacts; no integrity/availability impact stated beyond acc...
CVE-2024-3959 Improper Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts to be accessed by any user...
CVE-2024-3959
Removed by vendor...
GitLab Authorization Issues Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. An authorization issue vulnerability exists in GitLab CE/EE, which stems from...
cosign: Malicious artifacts can cause machine-wide denial of service
A flaw was found in the Cosign package where maliciously crafted software artifacts can trigger uncontrolled resource consumption by allocating too much memory and starving out the system. A successful attack may result in a denial of service of the machine running Cosign, impacting availability...