15 matches found
EUVD-2024-31643
Malicious code in bioql PyPI...
CVE-2024-3035
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...
CVE-2024-3035
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...
UBUNTU-CVE-2024-3035
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...
CVE-2024-3035
CVE-2024-3035 is a GitLab CE/EE permission-check vulnerability affecting all versions from 8.12 up to 17.0.6, 17.1 up to 17.1.4, and 17.2 up to 17.2.2, allowing LFS tokens to read and write to user-owned repositories. Root cause: permission check flaw in the LFS path. Impact: read/write access to...
CVE-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...
PT-2024-5510 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.12 through 17.0.5 GitLab CE/EE versions 17.1 through 17.1.3 GitLab CE/EE versions 17.2 through 17.2.1 Description: The issue is related to an error in handling LFS tokens, which can be exploited by a remote attacker to...
GHSA-CGVF-22VV-83H5 Apache James Server OS Command Injection
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors...
Apache James Server OS Command Injection
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors...
CVE-2015-7611
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors...
Design/Logic Flaw
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors...
CVE-2015-7611
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors...
Gogs - usersrepos ?q SQL Injection
Gogs - usersrepos ?q SQL Injection Unauthenticated SQL Injection in Gogs repository search ======================================================= Researcher: Timo Schmid Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go. taken from 1 It is very simili...
CVE-2004-2633
Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors...
CVE-2004-2633
Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors...