Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2022/04/15 12:0 a.m.•5 views

Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon

SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option...

3.3CVSS6AI score0.00446EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/04/08 12:0 a.m.•5 views

Unsafe parsing in SWHKD

SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service memory exhaustion upon an attempt to parse a large or infinite file such as a block or character device...

5.3CVSS6.1AI score0.00822EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/01/06 12:0 a.m.•5 views

Out-of-bounds Write in actix-web

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...

9.8CVSS7.2AI score0.01288EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/01/06 12:0 a.m.•5 views

Use of Uninitialized Resource in acc_reader.

An issue was discovered in the accreader crate through 2020-12-27 for Rust. readupto may read from uninitialized memory locations...

9.8CVSS7.2AI score0.01191EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/25 12:0 a.m.•5 views

Update unsound DrainFilter and RString::retain

An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...

7.5CVSS7.1AI score0.01358EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/01/07 12:0 a.m.•5 views

XML External Entity Reference in c3p0:c3p0

c3p0 allows XXE during initialization...

9.8CVSS7AI score0.04589EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
•added 2 days ago•4 views

DIRAC: SQL injection and lack of access control in PilotManager service

Details A number of the functions in PilotManager pass parameters directly through to the database layer, which then does not do any escaping on the parameters. For example setPilotStatus:...

6.1AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/02/02 12:0 a.m.•4 views

H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/18 12:0 a.m.•4 views

rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary...

6.1AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/03/28 12:0 a.m.•4 views

Serverpod improved security for stored password hashes

Serverpod now uses the OWASP recommended Argon2Id password hash algorithm to store password hashes for the email authentication module...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/03/28 12:0 a.m.•4 views

Serverpod client accepts any certificate

This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...

7.4CVSS5.9AI score0.00284EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/04/22 12:0 a.m.•4 views

Relative Path Traversal in afire serve_static

This vulnerability effects the built-in afire servestatic extension allowing paths containing //.... to bypass the previous path sanitation and request files in higher directories that should not be accessible...

5.9AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/04/15 12:0 a.m.•4 views

Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...

4.4CVSS5.9AI score0.00444EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/01/06 12:0 a.m.•4 views

Out-of-bounds Write in actix-web

An issue was discovered in the actix-web crate before 0.7.19 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...

9.8CVSS7.8AI score0.01288EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/25 12:0 a.m.•4 views

Multiple memory safety issues in actix-web

Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...

5.8AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/25 12:0 a.m.•4 views

Update unsound DrainFilter and RString::retain

An issue was discovered in the abistable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop...

7.5CVSS7.1AI score0.01413EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/09/19 12:0 a.m.•3 views

personnummer/dart vulnerable to Improper Input Validation

This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity...

5.3CVSS6.1AI score0.00489EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/04/23 12:0 a.m.•3 views

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration...

7.5CVSS9.4AI score0.04882EPSS
Exploits1References2
Total number of security vulnerabilities1518