6 matches found
CVE-2023-3707
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts, such as drafts and private posts, via an IDOR vector. Password protected post...
CVE-2023-3115
An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositori...
PT-2023-23183 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.11 through 16.2.7; GitLab EE versions 16.3 through 16.3.4; GitLab EE versions 16.4 through 16.4.0. Description: An issue has been discovered in GitLab EE where Single Sign On restrictions were not correctly enforced for...
GHSA-8V99-48M9-C8PM Incorrect Authorization in imgcrypt
imgcrypt implements a function CheckAuthorization that is supposed to check whether a user is authorized to access an encrypted image, given the keys that the user has provided on the command line that would enable decryption of the image. The check is meant to prevent a user from starting a container...
CVE-2021-38931
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table that they are not authorized to select from. IBM X-Force ID: 210418...
Debian DSA-2534-1 : postgresql-8.4 - several vulnerabilities
Two vulnerabilities related to XML processing were discovered in PostgreSQL, a SQL database. - CVE-2012-3488: contrib/xml2's xslt_process can be used to read and write external files and URLs. - CVE-2012-3489: xmlparse fetches external files or URLs to resolve DTD and entity references in XML values...