46 matches found
CVE-2023-39197
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol...
Denial Of Service (DoS)
GitLab is vulnerable to Denial Of Service (DoS). An attacker can trigger high CPU usage via a specially crafted input added in the Commit message field, leading to an application crash...
CVE-2023-34112
JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the bytedeco/javacpp-presets use the `github.event.head_commit.message` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection...
PT-2023-24684 · Unknown · Javacpp Presets
Name of the Vulnerable Software and Affected Versions: JavaCPP Presets versions prior to 1.5.9. Description: The issue concerns the insecure use of the `github.event.head_commit.message` parameter in JavaCPP Presets, leading to a command injection vulnerability due to string interpolation. No...
CVE-2023-30623
embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...
CVE-2023-30623 Arbitrary command injection in embano1/wip
embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...
SUSE CVE-2016-8568
The `git_commit_message` function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file...
CVE-2022-2908
A potential DoS vulnerability was discovered in GitLab CE/EE: versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a specially crafted input added in the Commit messag...
Design/Logic Flaw
A potential DoS vulnerability was discovered in GitLab CE/EE: versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a specially crafted input added in the Commit messag...
UBUNTU-CVE-2022-2908
A potential DoS vulnerability was discovered in GitLab CE/EE: versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a specially crafted input added in the Commit messag...
CVE-2022-2908
Removed by vendor...
CVE-2022-2908
A potential DoS vulnerability was discovered in GitLab CE/EE: versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a specially crafted input added in the Commit messag...
CVE-2022-2908
GitLab CVE-2022-2908 affects GitLab CE/EE: DoS via crafted input in the Commit message field causing high CPU. Affected: GitLab versions starting from 10.7 up to 15.1.5, 15.2 up to 15.2.3, and 15.3 up to 15.3.1. Patches exist in 15.1.5, 15.2.3, and 15.3.1 releases; upgrade to these fixed builds w...
Resource Management Error Vulnerability in Multiple GitLab Products
GitLab is an open source, end-to-end software development platform from GitLab Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab Community Edition (CE) and GitLab...
Resource Management Error Vulnerability in Multiple GitLab Products
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. A security vulnerability exists in GitLab Community Edition (CE) and GitLab Enterprise...
XSS Vulnerability in HTML Writer
This is: - X a bugfix - a new feature Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the change -...
XXE Vulnerability
This is: - a bugfix - a new feature - X security Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the...
Synology Note Station Cross-Site Scripting Vulnerability
Synology Note Station is a cloud-based note management platform from Synology. A cross-site scripting vulnerability exists in SYNO.NoteStation.Note in Synology Note Station versions prior to 2.5.1-0844. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML with th...
CVE-2018-8912
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the `commit_msg` parameter...
Fedora 24 : git (2017-01a7989fc0)
An issue in git-shell could allow remote users to run an interactive pager. From the update announcement: ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' (CVE-2017-8386). Th...