4 matches found
kernel: block: initialize integrity buffer to zero before writing it to media
A flaw was found in the Linux kernel, where it initialized the integrity buffer to zero before writing it to media. Metadata added by biointegrityprep uses plain kmalloc, which leads to random kernel memory being written. Protection Information PI metadata is limited to the app tag not used by...
GitHub: Self XSS in Tag name pattern field /<username>/<reponame>/settings/tag_protection/new
A self-XSS vulnerability was discovered in the tag name pattern field of the tag protections UI in GitHub Enterprise Server. The vulnerability allowed a malicious website that required user interaction and social engineering to make changes to a user account via a CSP bypass with created CSRF...
CVE-2023-2001
An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code...
Gitlab -- Vulnerability
Gitlab reports: Stored-XSS with CSP-bypass in Merge requests ReDoS via FrontMatterFilter in any Markdown fields ReDoS via InlineDiffFilter in any Markdown fields ReDoS via DollarMathPostFilter in Markdown fields DoS via malicious test report artifacts Restricted IP addresses can clone repositorie...