14 matches found
CVE-2025-65516
A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...
CVE-2025-65516
A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...
CVE-2020-13318
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack...
PT-2020-13459 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A cross-account assume role attack was possible due to a vulnerability in GitLab's EKS integration...
CVE-2020-13285
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting XSS vulnerability exists in the issue reference number tooltip...
CVE-2020-13283
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title...
PT-2020-13427 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue allows user-controlled git configuration settings to be modified, resulting in Server Side Request Forgery. Recommendation...
PT-2020-13422 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: A denial of service issue exists in the project import feature. Recommendations: For versions prior to 13.0.12, update to version...
GitLab Resource Management Error Vulnerability (CNVD-2020-46491)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...
GitLab Data Forgery Issue Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...
CVE-2020-13295
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...
PT-2020-13436 · Gitlab · Gitlab Runner +1
Name of the Vulnerable Software and Affected Versions: GitLab Runner versions prior to 13.0.12 GitLab Runner versions prior to 13.1.6 GitLab Runner versions prior to 13.2.3 Description: The issue allows for Server-Side Request Forgery SSRF by replacing dockerd with a malicious server, making the...
PT-2020-13433 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue allows bypassing E-mail verification required for OAuth Flow. Recommendations: For versions prior to 13.0.12, update to...
OPENSUSE-SU-2020:0220-1 Security update for nextcloud
This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused...