
941 matches found

Veracode
• added 2023/08/07 12:22 a.m. • 16 views

Denial Of Service (DoS)

GitLab is vulnerable to Denial of Service (DoS). An attacker can cause high resource consumption using malicious test report artifacts, leading to an application crash...

CVSS 7.5 · AI score 6.8 · EPSS 0.01243
Exploits 0 · References 4 · Affected Software 1

Malwarebytes
• added 2023/07/05 10:00 a.m. • 19 views

Malicious ad for USPS fishes for banking credentials

We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. Threat actors continue to abuse a...

AI score 6.8
Exploits 0

Vaadin
• added 2023/06/22 12:00 a.m. • 67 views

Apache Commons FileUpload - DoS with excessive parts

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

CVSS 7.5 · AI score 6.8 · EPSS 0.46836
Exploits 1 · Affected Software 2

The Hacker News
• added 2023/06/19 12:37 p.m. • 38 views

Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems

Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems. "As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei...

AI score 7.3
Exploits 0

OSV
• added 2023/06/14 3:30 p.m. • 14 views

GHSA-9PVW-8Q92-HM9W Stored XSS vulnerability in Jenkins Maven Repository Server Plugin

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Maven project versions in pom.xml...

CVSS 5.4 · AI score 5.4 · EPSS 0.00617
Exploits 0 · References 3

OSV
• added 2023/06/14 1:15 p.m. • 4 views

CVE-2023-35144

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability...

CVSS 5.4 · AI score 5.7 · EPSS 0.00617
Exploits 0 · References 2

Cvelist
• added 2023/06/14 12:53 p.m. • 18 views

CVE-2023-35144

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability...

AI score 5.8 · EPSS 0.00617
Exploits 0 · References 2

Positive Technologies
• added 2023/06/14 12:00 a.m. • 5 views

PT-2023-25163 · Jenkins · Jenkins Maven Repository Server Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Repository Server Plugin versions 1.10 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape project and build display names on the Build...

CVSS 5.4 · AI score 5.5 · EPSS 0.00617
Exploits 0 · References 6

ATTACKERKB
• added 2023/06/07 5:15 p.m. • 3 views

CVE-2023-0121

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 7.5 · AI score 5.9 · EPSS 0.01243
Exploits 0 · References 4 · Affected Software 1

NVD
• added 2023/06/07 5:15 p.m. • 15 views

CVE-2023-0121

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 7.5 · AI score 6.5 · EPSS 0.01243
Exploits 0 · References 3

Prion
• added 2023/06/07 5:15 p.m. • 17 views

Denial of service

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 5 · AI score 7 · EPSS 0.01243
Exploits 0 · References 3 · Affected Software 1

Cvelist
• added 2023/06/07 12:00 a.m. • 25 views

CVE-2023-0121 Allocation of Resources Without Limits or Throttling in GitLab

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 6.5 · AI score 7.3 · EPSS 0.01243
Exploits 0 · References 3

Vulnrichment
• added 2023/06/07 12:00 a.m. • 7 views

CVE-2023-0121 Allocation of Resources Without Limits or Throttling in GitLab

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 6.5 · AI score 6.3 · EPSS 0.01243
Exploits 0 · References 3

Debian CVE
• added 2023/06/07 12:00 a.m. • 23 views

CVE-2023-0121

Removed by vendor...

CVSS 7.5 · AI score 7.1 · EPSS 0.01243
Exploits 0

Positive Technologies
• added 2023/06/07 12:00 a.m. • 4 views

PT-2023-16028 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.2.4 through 15.10.7; GitLab CE/EE versions 15.11 through 15.11.6; GitLab CE/EE versions 16.0 through 16.0.1. Description: A denial of service issue was discovered in GitLab CE/EE, which allows an attacker to cause high...

CVSS 7.5 · AI score 6.6 · EPSS 0.01243
Exploits 0 · References 14

OSV
• added 2023/06/07 12:00 a.m. • 13 views

CVE-2023-0121 Allocation of Resources Without Limits or Throttling in GitLab

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 6.5 · AI score 7.2 · EPSS 0.01243
Exploits 0 · References 5

UbuntuCve
• added 2023/06/07 12:00 a.m. • 15 views

CVE-2023-0121

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 7.5 · AI score 7.1 · EPSS 0.01243
Exploits 0 · References 2

NVD
• added 2023/06/06 7:15 p.m. • 10 views

CVE-2023-33957

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The...

CVSS 5.7 · AI score 4.7 · EPSS 0.00506
Exploits 0 · References 2

NVD
• added 2023/06/06 7:15 p.m. • 19 views

CVE-2023-33958

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

CVSS 6.5 · AI score 5.8 · EPSS 0.00485
Exploits 0 · References 2

Prion
• added 2023/06/06 7:15 p.m. • 10 views

Code injection

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

CVSS 6.8 · AI score 8.5 · EPSS 0.00354
Exploits 0 · References 1 · Affected Software 1