EUVD-2022-3580
Malicious code in bioql PyPI...
CVE-2024-3127 Improper Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
CVE-2024-3127
Technical details of CVE-2024-3127 are not publicly provided in the submitted documents; no affected products, versions, or remediation details are included here. Monitor for updates.
GitLab 12.5 < 17.1.6 / 17.2 < 17.2.4 / 17.3 < 17.3.1 (CVE-2024-3127)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under...
GitLab < 13.11.6 (CVE-2021-22228)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contro...
Incorrect Authorization
GitLab is vulnerable to Incorrect Authorization. The vulnerability allows unauthorised users to steal runner registration tokens using the quick actions command...
K04623854: Apache Tomcat vulnerability CVE-2018-1304
Security Advisory Description: The URL pattern of "" (the empty string), which exactly maps to the context root, was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the...
GitLab 13.2 < 14.4.5 / 14.5 < 14.5.3 / 14.6 < 14.6.2 (CVE-2022-0172)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowi...
UBUNTU-CVE-2021-22228
An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...
GDPR Cookie Compliance <= 4.0.2 - Authenticated Settings Reset
The gdprcookiecomplianceresetsettings AJAX action registered for authenticated users lacks authorisation and CSRF checks, allowing unauthorised authenticated users to call it, which would result in the settings being reset...
Featured Image from URL <= 2.7.7 - Missing Access Controls on REST routes
The REST routes are missing permission callbacks, allowing unauthenticated/unauthorised users to call them. PoC Affected endpoints: - wp-json/featured-image-from-url/v2/enablefakeapi - wp-json/featured-image-from-url/v2/disablefakeapi - wp-json/featured-image-from-url/v2/nonefakeapi -...
CVE-2018-12423
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.powerlevels event in force...
Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2018-972)
Late application of security constraints can lead to resource exposure for unauthorised users : Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and...
Amazon Linux AMI : tomcat80 (ALAS-2018-973)
Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration : As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not...
Medium: tomcat7, tomcat8
Issue Overview: Late application of security constraints can lead to resource exposure for unauthorised users: Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the U...
FreeBSD : tomcat -- Security constraints ignored or applied too late (55c4233e-1844-11e8-a712-0025908740c2)
The Apache Software Foundation reports : Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...
tomcat -- Security constraints ignored or applied too late
The Apache Software Foundation reports: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...
Privilege Escalation
github.com/openshift/origin is vulnerable to privilege escalation attacks. The vulnerability exists because it does not prevent unauthorised users from editing a build configuration to use a restricted strategy...
[WiFi Network Monitor] Tool to Watch/Monitor your Wireless network from hackers/rogue/unauthorised users
WiFi Network Monitor is a free tool to remotely scan and discover all the systems connected to your wireless network. It helps you keep watch on your Wi-Fi network and safeguard it from hackers as well as other unauthorised users. Its swift scan, powered by 'ARP based Multi-threading'...