109 matches found
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the Blobs::ProxyController. An attacker can exhaust server memory by sending requests with large or unbounded range headers. Remediation Upgrade activestorage to version 7.2.3.1, 8.0.4.1,...
Improper Handling of Length Parameter Inconsistency
Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the readGGUFV1String function, which is exposed over the /blobs and /create endpoints. An attacker can cause the service to become unavailable by submitting malicious GGUF metadata...
CVE-2022-0687
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...
Linux Distros Unpatched Vulnerability : CVE-2025-10004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instan...
BIT-GITLAB-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...
CVE-2025-10004
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...
CVE-2025-10004
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...
UBUNTU-CVE-2025-10004
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...
CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...
CVE-2025-10004
CVE-2025-10004 affects GitLab CE/EE versions 13.12 through 18.2.8, 18.3 through 18.3.4, and 18.4 through 18.4.2. The issue allows crafted GraphQL queries to request large repository blobs, potentially making a GitLab instance unresponsive or severely degraded. A remediation has been released; Git...
CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...
EUVD-2014-0061
Malware in sbrugna...
EUVD-2019-6543
Malware in sbrugna...
EUVD-2020-5532
Malware in sbrugna...
EUVD-2021-22795
Malware in sbrugna...
EUVD-2011-1443
Malware in sbrugna...
CVE-2025-34206 Vasion Print (formerly PrinterLogic) Insecure Shared Storage Permissions
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments mount host configuration and secret material under /var/www/efsstorage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in...
CVE-2025-34206
The CVE-2025-34206 entry concerns Vasion Print (PrinterLogic) Virtual Appliance Host and Application. It describes overly-permissive permissions on host files mounted into multiple Docker containers under /var/www/efs_storage, enabling access to secrets.env, GPG-encrypted blobs, MySQL client keys...
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
...
Linux Distros Unpatched Vulnerability : CVE-2020-13271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through...