2484 matches found

Tenable Nessus
added 2023/12/27 12:0 a.m. | 32 views

NewStart CGSL MAIN 5.04 : docker-ce Vulnerability (NS-SA-2023-0109)

The remote NewStart CGSL host, running version MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up...

CVSS 6.3 | AI score 7.2 | EPSS 0.00807
Exploits: 0 | References: 3

Veracode
added 2023/12/26 1:53 p.m. | 19 views

Denial Of Service (DoS)

GitLab CE/EE is vulnerable to Denial of Service (DoS). The vulnerability is caused by an invalid 'startsha' value on the merge requests page in GitLab. This potentially leads to a Denial of Service (DoS) attack...

CVSS 7.5 | AI score 6.4 | EPSS 0.00787
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2023/12/20 12:0 a.m. | 66 views

FreeBSD : putty -- add protocol extension against 'Terrapin attack' (91955195-9ebb-11ee-bc14-a703705db3a6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91955195-9ebb-11ee-bc14-a703705db3a6 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...

CVSS 5.9 | AI score 7.1 | EPSS 0.93305
Exploits: 4 | References: 6

Tenable Nessus
added 2023/12/19 12:0 a.m. | 172 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenSSH vulnerabilities (USN-6560-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6560-1 advisory. Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If...

CVSS 9.8 | AI score 7 | EPSS 0.93305
Exploits: 4 | References: 3

UbuntuCve
added 2023/12/15 4:15 p.m. | 26 views

CVE-2023-6051

An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag...

CVSS 6.5 | AI score 6.5 | EPSS 0.00615
Exploits: 0 | References: 1

Prion
added 2023/12/15 4:15 p.m. | 12 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect...

CVSS 3.5 | AI score 6.5 | EPSS 0.00494
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/12/15 4:3 p.m. | 66 views

CVE-2023-5512

CVE-2023-5512 affects GitLab CE/EE and concerns file integrity being compromised when specific HTML encoding is used for file names, causing incorrect UI representations. Affected versions: 16.3–16.4.3, 16.5–16.5.3, and 16.6–16.6.1. Root cause is a UI/filename encoding issue; no exploit details a...

CVSS 5.7 | AI score 5.3 | EPSS 0.00494
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/12/15 4:3 p.m. | 15 views

CVE-2023-5512 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect...

CVSS 4.8 | AI score 5.5 | EPSS 0.00494
Exploits: 0 | References: 5

Debian CVE
added 2023/12/15 4:3 p.m. | 16 views

CVE-2023-5512

Removed by vendor...

CVSS 5.7 | AI score 6.2 | EPSS 0.00494
Exploits: 0

CVE
added 2023/12/15 4:2 p.m. | 74 views

CVE-2023-6051

CVE-2023-6051 (GitLab CE/EE) affects GitLab releases prior to 16.4.4, all 16.5 releases before 16.5.4, and all 16.6 releases before 16.6.2, with file integrity potentially compromised when pulling source code or installation packages from a specific tag. The connected sources consistently describ...

CVSS 6.5 | AI score 6 | EPSS 0.00615
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2023/12/15 4:2 p.m. | 21 views

CVE-2023-6051

Removed by vendor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00615
Exploits: 0

ATTACKERKB
added 2023/12/06 8:15 p.m. | 2 views

CVE-2023-48123

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packetcapture.php file...

CVSS 8.8 | AI score 6.2 | EPSS 0.67848
Exploits: 0 | References: 4

NVD
added 2023/12/06 8:15 p.m. | 14 views

CVE-2023-48123

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packetcapture.php file...

CVSS 8.8 | EPSS 0.67848
Exploits: 0 | References: 3

NVD
added 2023/12/01 7:15 a.m. | 16 views

CVE-2023-6033

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim's browser...

CVSS 8.7 | EPSS 0.00557
Exploits: 0 | References: 2

Vulnrichment
added 2023/12/01 7:1 a.m. | 17 views

CVE-2023-6033 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim's browser...

CVSS 8.7 | AI score 6.7 | EPSS 0.00557
Exploits: 0 | References: 2

CVE
added 2023/12/01 7:1 a.m. | 91 views

CVE-2023-6033

CVE-2023-6033 affects GitLab CE/EE: improper neutralization of input in Jira integration configuration enables cross-site scripting (XSS) by an attacker. Impact spans GitLab versions 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3. Documented impact is attacker-executed Java...

CVSS 8.7 | AI score 6.7 | EPSS 0.00557
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2023/12/01 7:1 a.m. | 47 views

CVE-2023-6033

Removed by vendor...

CVSS 8.7 | AI score 6.7 | EPSS 0.00557
Exploits: 0

OSV
added 2023/12/01 7:1 a.m. | 21 views

CVE-2023-6033 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim's browser...

CVSS 8.7 | AI score 7 | EPSS 0.00557
Exploits: 0 | References: 5

Positive Technologies
added 2023/12/01 12:0 a.m. | 4 views

PT-2023-32486 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 16.4.2; GitLab CE/EE versions 16.5 through 16.5.2; GitLab CE/EE versions 16.6 through 16.6.0. Description: The issue is related to improper neutralization of input in Jira integration configuration, allowing a...

CVSS 8.7 | AI score 6.6 | EPSS 0.00557
Exploits: 0 | References: 12

Packet Storm
added 2023/11/30 12:0 a.m. | 417 views

CE Phoenix 1.0.8.20 Remote Code Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...

AI score 7.4
Exploits: 0