EUVD-2023-54387

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-4018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper...

CVE-2023-3210

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content...

Apple Xcode Security Update (HT122380)

Apple Xcode is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:xcode"; ifdescription...

Apple Security Advisory 03-31-2025-2

Apple Security Advisory 03-31-2025-2 - Xcode 16.3 addresses issues where a malicious app could access private information or overwrite arbitrary files...

Apple Xcode 缓冲区错误漏洞

Apple Xcode is an integrated development environment developed by Apple Inc. Apple Xcode suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause an application to overwrite arbitrary files...

Apple Xcode 安全漏洞

Apple Xcode is a set of integrated development environments provided to developers by Apple Inc. in the United States, which is primarily used to develop applications for Mac OS X and iOS. A security vulnerability exists in Apple Xcode version 16.3, which stems from an insufficient check and coul...

Apple Safari 16.3 Multiple Vulnerabilities (120946)

The version of Apple Safari installed on the remote host is prior to 16.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 120946 advisory. - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS...

CVE-2024-9633

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain,...

SUSE-SU-2024:2266-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pgstatsext and pgstatsextexprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

CVE-2024-0985 affecting package postgresql for versions less than 16.3-1

CVE-2024-0985 affecting package postgresql for versions less than 16.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-5870 affecting package postgresql for versions less than 16.3-1

CVE-2023-5870 affecting package postgresql for versions less than 16.3-1. A patched version of the package is available...

GitLab 16.2 < 16.2.5 / 16.3 < 16.3.1 (CVE-2023-3950)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audi...

PostgreSQL 14.x < 14.12, 15.x < 15.7, 16.x < 16.3 Information Disclosure Vulnerability - Windows

PostgreSQL is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

BIT-GITLAB-2023-5512 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect...

CVE-2023-5207

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...

Code injection

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...

CVE-2023-4532 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of...

GitLab 15.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-4379)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge...

CVE-2022-4343

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile...