7 matches found
EUVD-2023-23359
Malicious code in bioql PyPI...
FreeBSD : Gitlab -- vulnerabilities (5683b3a7-683d-11f0-966e-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5683b3a7-683d-11f0-966e-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE Cross-site...
FreeBSD : Gitlab -- Vulnerabilities (d45dabd9-5232-11f0-9ca4-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d45dabd9-5232-11f0-9ca4-2cf05da270f3 advisory. Gitlab reports: Denial of Service impacts GitLab CE/EE Missing Authentication issue impacts...
CVE-2025-0314
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting...
FreeBSD : Gitlab -- Vulnerabilities (275ac414-b847-11ef-9877-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 275ac414-b847-11ef-9877-2cf05da270f3 advisory. Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response...
CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...
GitLab: Send arbitrary PUT requests when user clicks on a link
Dear teams, Summary: Mermaid allows users to set the class name of a block. This ability becomes vulnerable in GitLab issues because of issue.jsL90: javascript return $document.on 'click', '.js-issuable-actions a.btn-close, .js-issuable-actions a.btn-reopen', e = ... const $button = $e.currentTarget;...