14 matches found
EUVD-2023-0846
Malicious code in bioql PyPI...
Xiaomi Game center security vulnerability
Xiaomi Game center is an application marketplace software from the Chinese company Xiaomi. A security vulnerability exists in Xiaomi Game center version 13.10, which stems from improper input validation and could lead to the execution of malicious code...
GitLab 10.6 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22197)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR having source and target...
CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...
PT-2023-20665 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 13.10 through 14.4.6; XWiki Platform versions 13.10 through 13.10.10; XWiki Platform versions 14.0 through 14.4.6. Description: The issue allows an attacker to use the rights of an existing document content author to...
CVE-2022-2499
GitLab EE Jira integration contains an insecure direct object reference vulnerability that may allow an attacker to leak Jira issues. Affected GitLab EE versions: 13.10–15.0.4, 15.1–15.1.3, and 15.2–15.2.0. Root cause is an insecure direct object reference in the Jira integration. Remediation by ...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But ...
CVE-2021-39888
In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates...
UBUNTU-CVE-2021-22233
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details...
Information disclosure
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details...
CVE-2021-22233
Removed by vendor...
PT-2021-6696 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.10 and later. Description: The issue is related to an information disclosure problem, where a lack of access control checking allows a remote attacker to gain access to confidential data. This enables a user to read proje...
CVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server...
PT-2021-4088 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.10 and later. Description: The issue is related to a stored XSS in the blob viewer of notebooks, which can be exploited by a remote attacker to impact data integrity. This is due to the lack of protection measures for the we...