38196 matches found
Object Corruption
chromium is vulnerable to Object Corruption. The vulnerability exists in Blink, which allows an attacker to cause object corruption via a maliciously crafted HTML page...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in ANGLE, which allows an attacker to perform arbitrary reads or writes via a maliciously crafted HTML page...
Spoofing Attacks
firefox is vulnerable to Spoofing Attacks. The vulnerability exists due to the heap buffer overflow in the Visuals in the library, which allows an attacker to exploit heap corruption via a crafted HTML page...
Remote Code Execution (RCE)
Firefox is vulnerable to Remote Code Execution. The vulnerability is due to a lack of validation when creating shortcuts, which could allow an attacker to trick a user into creating a shortcut that points to local system files...
Use After Free
Firefox is vulnerable to Use After Free. The vulnerability exists because the cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists due to a lack of validation of WebRTC connections over HTTPS, which can result in Denial of Service...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability exists in the way that GitLab handles project membership. An attacker can exploit this vulnerability by creating a project with a specific name and then adding themselves to the project as a project member. This will allow the...
API Token Disclosure
gitlab is vulnerable to API Token Disclosure. The vulnerability exists due to insufficient permission checks, which allow an attacker to exfiltrate a Datadog API key...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability is due to autocomplete under certain conditions, which allows an attacker to view fields related to sensitive information...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). An attacker could exploit this vulnerability to gather information about public GitLab projects, even if they are not authorized to access the projects. This information could be used to launch further attacks, such as phishing attacks or social...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability is due to a lack of Jira issue validation, which allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to...
Improper Authorization
gitlab is vulnerable to Improper Authorization. The vulnerability exists because access rights are not properly verified when importing members from a target project, which allows an attacker to perform unauthorized actions...
Improper Input Validation
gitlab is vulnerable to Improper Input Validation. The vulnerability exists because GitLab's Slack integration incorrectly validates user input, which allows an attacker to send maliciously crafted URLs...
Man-in-the-Middle (MITM)
gitlab is vulnerable to Man-in-the-Middle (MITM) attacks. The vulnerability exists because the library does not properly validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists in the Project Import feature, which allows an attacker to perform attacks...
Improper Authorization
gitlab is vulnerable to Improper Authorization. The vulnerability exists due to improper access to some particular fields through the GraphQL API which allows an attacker to perform unauthorized actions...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS). The vulnerability exists because requests to delete existing packages are not correctly handled, which allows an attacker to cause an application crash...
Cross-Site Request Forgery
gitlab is vulnerable to Cross-Site Request Forgery. The vulnerability allows a malicious user to have their GitHub project imported on another GitLab user account...
Improper Privilege Management
gitlab is vulnerable to Improper Privilege Management. The vulnerability exists because replacement references are not ignored with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because a user with an expired password can access sensitive information through RSS feeds...
Improper Access Control
gitlab is vulnerable to Improper Access Control. An attacker can gain confidential information through the Incident timeline events...
Arbitrary Code Execution
sniproxy is vulnerable to Arbitrary Code Execution. The vulnerability exists due to a buffer overflow which allows an attacker to use a specially crafted HTTP or TLS packet that can lead to arbitrary code execution...
Cross-site Scripting (XSS)
rabbitmq-server is vulnerable to Cross-site Scripting (XSS) attacks. The vulnerability exists due to improper sanitization, which allows a remote authenticated malicious user with administrative access to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of sanitization of user input, allowing an attacker to inject and execute malicious JavaScript by abusing the generation of the HTML code related to emojis...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS). The vulnerability exists due to the lack of length validation in the Snippet descriptions of the library, which allows an attacker to cause an application crash by submitting a maliciously large snippet...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the lack of length validation of the library, which allows an attacker to create a large Issue description via GraphQL, leading to an application crash...
Improper Validation
libreoffice is vulnerable to Improper Validation. The vulnerability exists in the spreadsheet component of The Document Foundation LibreOffice which allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of input sanitization in the job error messages of the library, allowing an attacker to inject and execute malicious JavaScript...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability allows former project members to read updates via TODOs due to membership changes not being reflected for confidential notes...
Arbitrary Code Injection
gitlab is vulnerable to Arbitrary Code Injection. The vulnerability allows an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability occurs due to incorrect data handling within the Datadog integration, resulting in GitLab returning contributor emails...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability allows a member to filter issues by contact and organization leading to the disclosure of sensitive information...
Improper Authentication
gitlab is vulnerable to Improper Authentication. The vulnerability occurs due to incorrect authentication with package registries when IP restrictions are configured, allowing a malicious attacker to misuse a deploy token from any location...
Privilege Escalation
gitlab is vulnerable to Privilege Escalation. An attacker could exploit this vulnerability to gain elevated privileges in a group or project, which could allow them to perform actions such as creating new projects, deleting existing projects, or modifying project permissions...
Information Disclosure
gitlab is vulnerable to Information Disclosure...
Regular Expression Denial Of Service (ReDoS)
gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the uncontrolled resource consumption in the library, allowing an attacker to cause an application crash by deploying maliciously crafted slash commands...
Improper Access Control
gitlab is vulnerable to Improper Access Control. An attacker could exploit this vulnerability to access a project's disabled wiki, even if they do not have the necessary permissions. This could allow the attacker to view or modify the wiki's contents, or to gain access to sensitive data that may ...
Improper Privilege Management
GitLab is vulnerable to Improper Privilege Management. The vulnerability is due to flawed permission validation, which allowed group members with a developer role to elevate their privilege to a maintainer on projects they import...
Improper Access Control
gitlab is vulnerable to Improper Access Control. An attacker could exploit this vulnerability to approve a Merge Request for a project that they no longer have access to. This could allow the attacker to introduce malicious code into the project, or to gain unauthorized access to sensitive data...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service (DoS). The vulnerability exists because low-privileged users can bypass the file size limits in the NPM package repository...
Improper Authorization
gitlab is vulnerable to Improper Authorization. An attacker could exploit this vulnerability to update the status of an external status check to "success", even if the check has failed. This could cause GitLab to deploy code or release a package that is not ready, which could lead to security...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because non-project members can see the default branch name for projects...
Regular Expression Denial Of Service (ReDoS)
gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in the Maven Package registry, allowing an attacker to cause an application crash by sending a maliciously crafted string...
Server-Side Request Forgery
gitlab is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists because shared address spaces are not blocked for requests, allowing an attacker to cause blind SSRF attacks...
Regular Expression Denial Of Service (ReDoS)
gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). An attacker can cause an application crash by submitting a maliciously crafted input...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An attacker could exploit this vulnerability to obtain the service desk email address for a GitLab project. This could then be used to contact the service desk impersonating a project member, or to send phishing emails to project members. This could...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability to access a user's custom project and group templates, which could then be used to create new projects and groups, or to modify existing projects and groups. This could allow an attacker to gain unauthoriz...
Business Logic Flaws
GitLab is vulnerable to Business Logic Flaws. The vulnerability exists under specific conditions, which allows unauthorised project members to delete protected branches...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An attacker could exploit this vulnerability to access a user's custom project and group templates, which could then be used to create new projects and groups, or to modify existing projects and groups...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability to send a specially crafted GitLab quick action request that could cause the GitLab server to consume excessive CPU resources, leading to a DoS attack...