CVE-2021-39883
Removed by vendor...
CVE-2021-39883
CVE-2021-39883 : In GitLab EE, there are improper authorization checks that allow subgroup members to see epics from all parent subgroups. Affected: all versions of GitLab EE starting from 13.11 up to but not including 14.1.7; all versions starting from 14.2 up to but not including 14.2.5; and al...
PT-2021-22729 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.11 through 14.1.7; GitLab EE versions 14.2 through 14.2.5; GitLab EE versions 14.3 through 14.3.1. Description: The issue is related to improper authorization checks, allowing subgroup members to see epics from all parent...
UBUNTU-CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, and 13.2.3, after a group transfer occurs, members from a parent group keep their access level on the subgroup, leading to improper access...
Drupal Open Atrium Module OG Subgroups Module Access Bypass Vulnerability
Drupal is a free and open-source content management system developed in PHP and maintained by the Drupal community. The Open Atrium module is a teamwork development module based on the Drupal platform. OG Subgroups is one of the Organic Groups (OG) modules. A security vulnerability exists in the OG...
CVE-2014-9504
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance...
Design/Logic Flaw
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance...
CVE-2014-9504
CVE-2014-9504 affects Drupal Open Atrium’s OG Subgroups module. When used with Open Atrium 7.x-2.x prior to 7.x-2.26, it allows a remote attacker to access child groups via vectors related to membership inheritance. Documents confirm the vulnerable configuration and the affected version range; no...
GitLab: [Subgroups] Unprivileged User Can Disclose Private Group Names
Hi @briann and team, Congratulations on the launch of GitLab 9.0! While exploring Subgroup functionality, I noticed that an unprivileged user can disclose private group names by incrementing the parentid parameter. Proof of Concept To reproduce this issue, I set up a fresh GitLab 9.0 CE server an...
Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)
CVE-2016-2834 nss: Multiple security flaws MFSA 2016-61 Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the...
OpenSSL 'Diffie-Hellman small subgroups' MitM Attack Vulnerability - Windows
OpenSSL is prone to a man-in-the-middle (MitM) attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
Usual Mandatory Disclaimer: IANAC (I am not a cryptographer), so I might likely end up writing a bunch of mistakes in this blog post... tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL...
Internet Bug Bounty: OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
Full write-up: http://intothesymmetry.blogspot.ch/2016/01/openssl-key-recovery-attack-on-dh-small.html
DH small subgroups (CVE-2016-0701)
Severity: High
Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently in version...
ALPINE-CVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or...
CVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or...
UBUNTU-CVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or...
Joomla Components com_canteen LFI Vulnerability
Exploit for PHP platform in category web applications: Joomla Components com_canteen LFI Vulnerability...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles...
CVE-2009-4063
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles...