UBUNTU-CVE-2024-5528

An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...

BIT-GITLAB-2024-6595 Uncontrolled Search Path Element in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data...

Vulnerability fixed in GitLab CE/EE

GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...

SUSE CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

CVE-2022-36394

Authenticated author+ SQL Injection SQLi vulnerability in Contest Gallery plugin = 17.0.4 at WordPress...

semantic-release 信息泄露漏洞

semantic-release is semantic-release open source for automating the entire package release workflow, including: determining the next version number, generating release notes and releasing packages. An information disclosure vulnerability exists in semantic-release version 17.0.4, which stems from...

Nextcloud Server < 16.0.9, 17.x < 17.0.4, 18.0.0 Access Control Vulnerability (NC-SA-2020-015)

Nextcloud Server is prone to an information disclosure vulnerability due to a missing access control check. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Nextcloud Server Access Control Error Vulnerability (CNVD-2020-21014)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Server versions prior to 18.0.1, 17.0.4 and 16.0.9, which can be exploited by an attacker to downloa...

Mozilla Thunderbird < 17.0.4 nsHTMLEditor Use-After-Free

The installed version of Thunderbird is earlier than 17.0.4 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor nsHTMLEditor related to content script and the calling of the function 'document.execCommand' while internal editor operations are...