Lucene search
K
GitlabRecent

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/29 12:0 a.m.•28 views

Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings

An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and...

2.7CVSS3.3AI score0.00616EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/29 12:0 a.m.•34 views

Duplicate

This advisory duplicates another...

2.7CVSS5.8AI score0.00616EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/15 12:0 a.m.•43 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...

7.9CVSS2.8AI score0.01431EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/13 12:0 a.m.•521 views

Incorrect Authorization

All unpatched versions of Argo CD starting with v1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level...

9CVSS6.3AI score0.01237EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/13 12:0 a.m.•46 views

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

8.8CVSS3.4AI score0.0097EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/13 12:0 a.m.•14 views

Cross site scripting in ameos_tarteaucitron

The ameostarteaucitron aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible extension before 1.2.23 for TYPO3 allows XSS...

5.4CVSS6.8AI score0.00467EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/13 12:0 a.m.•43 views

Exposure of Resource to Wrong Sphere

Azure Storage Library Information Disclosure Vulnerability...

4.7CVSS1.3AI score0.00521EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/13 12:0 a.m.•46 views

Incorrect Authorization

All unpatched versions of Argo CD starting with v1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level...

9CVSS6.3AI score0.01237EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/13 12:0 a.m.•60 views

Exposure of Resource to Wrong Sphere

Azure Storage Library Information Disclosure Vulnerability...

4.7CVSS1.3AI score0.00521EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/12 12:0 a.m.•38 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting XSS bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...

6.1CVSS1.4AI score0.00584EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/12 12:0 a.m.•37 views

RCE bug with Serialized Columns in Active Record

When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database via means like SQL injection, then it may be possible for the attacker to escalate to an RCE. There are no...

9.8CVSS3.6AI score0.02386EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/12 12:0 a.m.•91 views

Improper Certificate Validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...

9.6CVSS1.7AI score0.00763EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/06 12:0 a.m.•54 views

Improper Authentication

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...

8.8CVSS3.2AI score0.07229EPSS
Exploits4References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/06 12:0 a.m.•46 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The leafInfo.match function in Beego v2.0.3 and below uses path.join to deal with wildcardvalues which can lead to cross directory risk...

9.8CVSS3AI score0.01503EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/05 12:0 a.m.•52 views

Improper Authentication

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...

8.8CVSS3.2AI score0.07229EPSS
Exploits4References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/05 12:0 a.m.•27 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The leafInfo.match function in Beego v2.0.3 and below uses path.join to deal with wildcardvalues which can lead to cross directory risk...

9.8CVSS3AI score0.01503EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/29 12:0 a.m.•23 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Admidio 4.1.2 version is affected by stored cross-site scripting XSS...

5.4CVSS2.7AI score0.00533EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/28 12:0 a.m.•33 views

Missing Release of Memory after Effective Lifetime

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack...

7.5CVSS3AI score0.01595EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/28 12:0 a.m.•31 views

Double Free

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack...

7.5CVSS0.9AI score0.01595EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/28 12:0 a.m.•31 views

NULL Pointer Dereference

DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack...

7.5CVSS1.3AI score0.01688EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/28 12:0 a.m.•30 views

Missing Release of Memory after Effective Lifetime

DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack...

7.5CVSS2AI score0.01595EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/24 12:0 a.m.•42 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

OFFIS DCMTK's All versions prior to 3.6.7 service class provider SCP is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution...

9.8CVSS6.4AI score0.02913EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/24 12:0 a.m.•38 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

OFFIS DCMTK's All versions prior to 3.6.7 service class user SCU is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution...

9.8CVSS6.6AI score0.02913EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/24 12:0 a.m.•29 views

NULL Pointer Dereference

OFFIS DCMTK's All versions prior to 3.6.7 has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition...

7.5CVSS3.8AI score0.00711EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/24 12:0 a.m.•35 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS2.4AI score0.00743EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/24 12:0 a.m.•28 views

Improper Privilege Management

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS3.9AI score0.02593EPSS
Exploits1References15Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/24 12:0 a.m.•34 views

Improper Privilege Management

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS3.9AI score0.02593EPSS
Exploits1References15Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/23 12:0 a.m.•26 views

Integer Overflow or Wraparound

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...

5.5CVSS5.9AI score0.01142EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•50 views

DoS through large manifest files in Argo CD

Impact All versions of Argo CD starting with v0.7.0 is vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...

6.5CVSS0.1AI score0.00836EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•41 views

DoS through large manifest files in Argo CD

Impact All versions of Argo CD starting with v0.7.0 is vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...

6.5CVSS0.1AI score0.00836EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•97 views

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params

All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows...

8.3CVSS4.8AI score0.00894EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•79 views

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params

Impact All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a...

8.3CVSS3.7AI score0.00894EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•70 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd/v2...

9CVSS2AI score0.00915EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•88 views

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...

4.3CVSS0.1AI score0.00827EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•92 views

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...

4.3CVSS0.1AI score0.00827EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•47 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd...

9CVSS2AI score0.00915EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/17 12:0 a.m.•37 views

Relative Path Traversal

Relative Path Traversal in github.com/argoproj/argo-events...

7.5CVSS2.6AI score0.01815EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/17 12:0 a.m.•116 views

Uncontrolled Resource Consumption

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...

7.5CVSS3.7AI score0.01492EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/16 12:0 a.m.•5 views

`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

6AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/16 12:0 a.m.•5 views

abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...

5.9AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/14 12:0 a.m.•37 views

Missing Release of Memory after Effective Lifetime

A memory leak out-of-memory in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file...

8.8CVSS5.9AI score0.01533EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/10 12:0 a.m.•34 views

Out-of-bounds Read

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress...

9.8CVSS1.8AI score0.01014EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/10 12:0 a.m.•49 views

Unsafe deserialization in com.alibaba:fastjson

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

9.8CVSS6.1AI score0.17767EPSS
Exploits5References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/10 12:0 a.m.•24 views

Server-side request forgery in Apache Dubbo

bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the allowed host check which can cause open redirect or SSRF vulnerability...

6.1CVSS3AI score0.02073EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/08 12:0 a.m.•24 views

OS Command Injection in file editor in Gogs

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...

10CVSS0.5AI score0.04483EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/08 12:0 a.m.•26 views

Path Traversal in file editor on Windows in Gogs

Impact The malicious user is able to delete and upload arbitrary files. All installations on Windows with repository upload enabled default are affected. Patches Path cleaning has accommodated for Windows. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds N/A References...

10CVSS2.6AI score0.02251EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/08 12:0 a.m.•38 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...

5.4CVSS2AI score0.00674EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/08 12:0 a.m.•64 views

Path Traversal in Git HTTP endpoints in Gogs

Impact The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected. Patches Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds N/A References...

8.1CVSS1.4AI score0.51136EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/03 12:0 a.m.•43 views

Server-Side Request Forgery in gogs webhook

Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.8...

8.3CVSS2.7AI score0.01193EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/02 12:0 a.m.•49 views

OS Command Injection in gogs

Impact The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches Repository file uploads are prohibited to its .git directory. Users shou...

0.1AI score0.01774EPSS
Exploits1References7Affected Software1
Total number of security vulnerabilities1518