12 matches found
CVE-2025-5101 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of...
CVE-2025-5101
Removed by vendor...
Important: golang
Issue Overview: An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library stdlib and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice array causing a panic when...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. A branch/tag name confusion allows an attacker to manipulate pages where the content of the default branch would be expected...
SUSE CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
Design/Logic Flaw
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected...
CVE-2022-3288
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected...
CVE-2022-3288
Removed by vendor...
CVE-2022-3288
GitLab CVE-2022-3288 affects GitLab CE/EE; a branch/tag name confusion allows manipulation of pages where the default-branch content is expected. Affected versions: <15.2.5, <15.3.4, and
GitLab < 15.2.5 (CVE-2022-3288)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the defau...
DEBIAN-CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
PT-2005-3111 · Grandstream · Grandstream Budgetone (Bt) 100
Name of the Vulnerable Software and Affected Versions: Grandstream BudgeTone BT 100 affected versions not specified Description: The issue concerns the Grandstream BudgeTone BT 100 Voice over IP VoIP phones, which do not properly validate certain values in a NOTIFY message. This allows remote...