15 matches found
CVE-2024-42565
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete...
CVE-2023-1072
An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to...
CVE-2022-1193
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances...
CVE-2024-49902
In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree. syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf. Shaggy: Modified sani...
Denial Of Service (DoS)
GitLab is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when an attacker can send a large number of requests to read commit details. This could cause GitLab to run out of resources, such as memory or CPU, and could lead to a denial of service...
CVE-2023-1072
GitLab CVE-2023-1072 affects all versions from 9.0 up to 15.7.7, 15.8.0–15.8.3 and 15.9.0–15.9.1. It stems from improper filtering for the number of requests to read commit details, enabling a resource depletion attack. NVD lists CVSS v3.1 base score 5.3 (Network, Low attack complexity, None priv...
GSD-2022-1004104 tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.15 by commit...
GSD-2022-1001849 drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
UBUNTU-CVE-2022-1193
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances...
GSD-2022-1000621 scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.5 by commit...
GSD-2021-1002497 net/smc: fix wrong list_del in smc_lgr_cleanup_early
net/smc: fix wrong list_del in smc_lgr_cleanup_early. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.84 by commit...
UVI-2021-1001701 HID: amd_sfh: Fix potential NULL pointer dereference - take 2
HID: amd_sfh: Fix potential NULL pointer dereference - take 2. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.10 by commit...
UVI-2021-1001565 cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.209 by commit...
GSD-2021-1001351 seq_buf: Fix overflow in seq_buf_putmem_hex()
seq_buf: Fix overflow in seq_buf_putmem_hex(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.133 by commit...
UVI-2021-1000344 wlcore: Fix buffer overrun by snprintf due to incorrect buffer size
wlcore: Fix buffer overrun by snprintf due to incorrect buffer size. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...