CVE-2023-0155
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user controlled markdown...
CVE-2023-1178
CVE-2023-1178 affects GitLab CE/EE across multiple release lines: all 8.6–15.9.5, 15.10.0–15.10.4, and 15.11.0. The root cause is file integrity being compromised when pulling source or installation packages from a tag or release that references another commit. The impact is potential integrity c...
CVE-2023-0155
CVE-2023-0155 affects GitLab CE/EE and enables an open redirect due to framing arbitrary content on any page, with user-controlled markdown. Impact applies to all versions before 15.8.5, 15.9.4, and 15.10.1, per provided descriptions. Connected documents corroborate the vulnerability across multi...
CVE-2023-1204
CVE-2023-1204 affects GitLab CE/EE with vulnerable ranges: 10.1–15.10.7, 15.11–15.11.6, and 16.0–16.0.1. Affected components relate to user update settings where an issue allows a user to set an unverified email as both the public email and the commit email by sending a crafted request. The vulne...
ce-ref.com Cross Site Scripting vulnerability OBB-3285875
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-2532 · Cisco · Cisco Telepresence Ce +1
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence CE and RoomOS versions (affected versions not specified). Description: The issue is related to improper access controls on files in the local file system, allowing an authenticated, local attacker to overwrite arbitrary files...
NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2023-0014)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by multiple vulnerabilities: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to...
CVE-2023-1708
CVE-2023-1708 affects GitLab CE/EE, where non-printable characters copied from the clipboard can trigger execution of unexpected commands on the victim machine. Affected versions are GitLab CE/EE 1.0 up to but not including 15.8.5, 15.8.x up to 15.8.4, 15.9 up to but not including 15.9.4, and 15....
CVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from clipboard, allowing unexpected commands to be executed on victim machine...
CVE-2023-1708
Removed by vendor...
SUSE: Security Advisory (SUSE-SU-2023:1628-1)
The remote host is missing an update for the...
PT-2023-20955 · Netgate · Pfsense Ce +1
Name of the Vulnerable Software and Affected Versions: pfSense Plus software version 22.05.1; pfSense CE software version 2.6.0. Description: The issue is related to improper restriction of excessive authentication attempts in the SSHGuard component, allowing attackers to bypass brute force...
CVE-2023-1084
An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request...
CVE-2023-1084
CVE-2023-1084 affects GitLab CE/EE. Affected versions include all before 15.7.8, 15.8 before 15.8.4, and 15.9 before 15.9.2. The issue allows a malicious project Maintainer to create a Project Access Token with Owner level privileges via a crafted request. Primary sources (NVD, OSV, and vendor di...
CVE-2023-1084
Removed by vendor...
CVE-2022-4007
An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behal...
CVE-2022-4007
GitLab CE/EE: A cross-site scripting (XSS) vulnerability in the title field of work items affects all versions from 15.3 up to, but not including, 15.7.8; 15.8 up to, but not including, 15.8.4; and 15.9 up to, but not including, 15.9.2. The issue allows attackers to perform arbitrary actions on b...
PT-2023-16588 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.0 through 15.6.7; GitLab CE/EE versions 15.7 through 15.7.6; GitLab CE/EE versions 15.8 through 15.8.1. Description: An issue has been discovered in GitLab CE/EE that allows a Denial of Service (DoS) attack by uploading a...
Jspreadsheet CE Cross-Site Scripting Vulnerability
Jspreadsheet CE is an open-source, lightweight JavaScript plugin from Jspreadsheet, used to create web-based interactive tables and spreadsheets compatible with other spreadsheet software. A security vulnerability exists in Jspreadsheet CE versions prior to v4.6.0, which stems from a cross-site...