2242 matches found
BIT-GITLAB-2023-6564 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or...
curl: CVE-2024-2398: HTTP/2 push headers memory-leak
CVE-2024-2398 was a memory-leak vulnerability in the HTTP/2 push headers implementation of libcurl. For each incoming PUSH_PROMISE header, a new string was allocated and stored in an array. When the number of headers exceeded a threshold, libcurl freed the array but forgot to free the individual...
The vulnerability of the Microsoft Edge browser’s Push Notification Service on Android operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Edge browser’s Push Notification Service on Android operating systems is related to insufficient protection of service-related data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially...
The Privacy Danger Lurking in Push Notifications
Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure...
Push vs. Pull-Based Architecture in GitOps
...
GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories
GitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. "This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you dee...
WordPress Plugin WP eCommerce Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: cert-manager, chartmuseum, helm-push, helm-operator, cert-manager-fips, k8sgpt, kubescape, k9s, flux-helm-controller, kubevela, flux-source-controller, zot, kots, trivy, cilium-cli, up, zarf, eksctl...
CVE-2022-45169
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
Open redirect
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
PT-2024-11689 · Unknown · Livebox Collaboration Vdesk
Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v031. Description: An issue was discovered allowing a URL Redirection to an Untrusted Site Open Redirect under the "/api/v1/notification/createnotification" endpoint. This enables an authenticated...
LIVEBOX Collaboration vDesk Security Vulnerability
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v031 and prior versions, which stems from a redirection via the /api/v1/notification/createnotification endpoint that allows an authenticated user to send arbitrary push...
CVE-2022-45169
CVE-2022-45169 affects LIVEBOX Collaboration vDesk (through v031). It describes an Open Redirect: an authenticated user can trigger a URL redirection via /api/v1/notification/createnotification to send a push notification to another user that can include an invisible clickable link. Reported metr...
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: cilium-cli, trivy, kots, zarf, chartmuseum, eksctl, flux-source-controller, k8sgpt, helm-operator, helm-push, up, zot, kubescape, kubevela, k9s, flux-helm-controller...
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: cert-manager, chartmuseum, helm-push, helm-operator, cert-manager-fips, k8sgpt, kubescape, k9s, flux-helm-controller, kubevela, flux-source-controller, zot, kots, trivy, cilium-cli, up, zarf, eksctl...