38196 matches found
Cross-Site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape user input before it outputs to the front end, allowing an attacker to inject malicious code as a rename payload for the folder of a victim...
Denial Of Service (DoS)
wireshark is vulnerable to Denial Of Service DoS. A dissector crash within certain versions of wireshark which could lead to denial of service conditions through an injection or a crafted capture file...
Denial Of Service (DoS)
wireshark is vulnerable to Denial Of Service DoS. The vulnerability results in the LISP dissector going into a large loop which could allow excessive CPU resource consumption via injecting malformed packets...
Denial Of Service (DoS)
wireshark is vulnerable to Denial Of Service DoS. A crash in the GQUIC dissector may result in denial of service conditions, via a packet injection or a crafted capture file...
Out-of-Bounds Write
gifsicle is vulnerable to Out-of-Bounds Write. The vulnerability is found in ambiguityerror within /src/clp.c which allows a local attacker to cause a heap-based buffer overflow...
Out-of-Bounds Write
sngrep is vulnerable to Out-of-Bounds Write. The vulnerability is found in capturewscheckpacket within /src/capture.c which allows a local attacker to cause a heap-based buffer overflow...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exploits the Jira Connect integration, allowing a malicious attacker to inject and execute malicious javascript in the victim's browser...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability occurs due to an improper filtering of query parameters in the wiki changes page allowing a malicious authenticated attacker to execute arbitrary javascript on self-hosted instances running without strict CSP...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability allows a malicious attacker to leak the email address of a user who has raised a service desk issue...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. A specially crafted payload may allow a malicious attacker to execute arbitrary actions on self-hosted instances running without strict CSP...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. A malicious attacker is able to exploit a regex issue in the submodule URL parser to cause a denial of service due to inefficient regular expression complexity...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS. A malicious authenticated attacker is able to upload a malicious nuget package to cause denial of service conditions...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability allows unauthorized users to see release names even when releases are restricted to project members only...
Cross-site Scripting (XSS)
odoo is vulnerable to Cross-site Scripting XSS. The vulnerability allows a malicious attacker to inject arbitrary web script into a user's browser by posting crafted content...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability occurs when viewing an XML file in the repository in 'raw' mode, which could be rendered as HTML in certain conditions, allowing an authenticated attacker to inject and execute malicious javascript in the victim's browser...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability allows a malicious attacker to exploit access tokens by modifying the integration URL, allowing authenticated requests to be sent to an attacker-controlled server...
Open Redirect
gitlab is vulnerable to Open Redirect. The vulnerability allows a malicious attacker to redirect users to an arbitrary address if they trust the URL...
Denial Of Service (DoS)
tcpdump is vulnerable to Denial Of Service DoS. The vulnerability exists due to the out-of-bounds write in the SMB protocol decoder when decoding a crafted network packet, allowing an attacker to cause an application crash...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists due to the lack of length validation of the library, which allows an attacker to create large issue descriptions via GraphQL, leading to an application crash...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists due to the incorrect authorization during the display of Audit Events, which allows developers to view the project's Audit Events and developers or maintainers to view the group's Audit Events...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists in the Prometheus server bundled, allowing an attacker to cause an application crash...
HTML Injection
gitlab is vulnerable to HTML Injection. The vulnerability exists because the search timeout could be triggered if the attacker injects and executes a maliciously crafted HTML payload in the issue description...
Incorrect Permission Assignment
gitlab is vulnerable to Incorrect Permission Assignment. The vulnerability exists due to improper access control in the library, which allows an unauthorised user to edit the approval rules via the API...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists due to the lack of permission checks in the library, which allows guest users to read a todo targeting an inaccessible note...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly validate user input, allowing an attacker to view the count of internal notes for a given issue...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution RCE. The vulnerability exists when the non-printable characters get copied from the clipboard, allowing an attacker to inject and execute malicious commands on the victim's machine...
Information Disclosure
gitlab is vulnerable to Information Disclosure. When an attacker has a fork of a project that has been turned to private, the branch names can be accessed...
Open Redirect
gitlab is vulnerable to Open Redirect. The vulnerability exists due to the lack of URL validation in the library, allowing an attacker to send maliciously crafted URLs and redirect users to malicious websites...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because of missing input masking in the library, allowing an attacker to gain sensitive information from the integration properties of the web interface...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the missing sanitization of data in Pipeline error messages of the library, which allows an attacker to inject and execute malicious javascript...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the improper access control in the CI/CD cache mechanism of the library, which allows an attacker with developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The library contains an improper authentication mechanism which allows a user with a certain amount of information to authenticate without a personal access token and gain access to sensitive user information...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS attacks. The library does not correctly handle malicious requests to the PyPi API endpoint, allowing the attacker to cause uncontrolled resource consumption, resulting in denial of service conditions...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting XSS attacks. Missing invalidation of markdown caching allows an attacker to inject and execute malicious javascript in the victim's browser via crafted payloads from a previously exploitable XSS vulnerability. CVE-2022-1175...
Cross-site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the name and lastname fields are not properly sanitized in the users.js.php, which allows an attacker to inject and execute malicious javascript...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. The library does not perform correct authorization on scheduled pipelines, which allows a malicious user to run a pipeline in the context of another user, resulting in unauthorized access...
Denial Of Service (DoS)
libasn1c.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to the NULL pointer dereference in the defaulterrorlogger function of asn1fix.c, which allows an attacker to cause an application crash...
Denial Of Service (DoS)
frr is vulnerable to Denial of Service DoS attacks. By crafting a BGP OPEN message with an option of type 0xff, an attacker may cause a denial of service due to inconsistent boundary checks that do not account for reading 3 bytes instead of 2 in this 0xff case...
Denial Of Service (DoS)
frr is vulnerable to Denial of Service DoS attacks. By crafting a BGP OPEN message with an option of type 0xff, an attacker is able to cause a denial of service conditions due to inconsistent boundary checks that do not account for reading 3 bytes instead of 2 in this 0xff case...
Out Of Bounds Write
libsndfile.so is vulnerable to Out of Bounds Write. The vulnerability exists due to the headerseek function in common.c, which allows an attacker to inject and execute malicious code or, more likely, cause an application crash...
Improper Input Validation
gitlab is vulnerable to Improper Input Validation. A remote attacker with developer privileges is able to read protected group or project CI/CD variables by importing a malicious project...
HTTP Request Smuggling (HRS)
llhttp is vulnerable to HTTP Request Smuggling HRS. The vulnerability exists because the http.js does not properly handle the CRLF sequence, allowing an attacker to smuggle HTTP requests by submitting Line feed LF characters without a Carriage Return CR...
Insecure Direct Object Reference
gitlab is vulnerable to Insecure Direct Object Reference. The vulnerability allows an endpoint to reveal an issue title to the user if they craft an API call with the same issue ID...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability allows a project maintainer to unmask webhook secret tokens by viewing the logs after testing webhooks...
User Impersonation
openam-federation-library is vulnerable to User Impersonation. The vulnerability exists because the processResponse function of SAMLUtils.java does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process, which allows an attacker to exploit...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An unauthenticated user is able to download another user's avatar using their user ID, resulting in disclosure of sensitive information...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS. A malicious user is able to leverage the vulnerability to cause performance issues which will result in denial of service conditions...
Improper Authorization
gitlab is vulnerable to Improper Authorization. The vulnerability allows a malicious attacker to apply emojis on internal notes which they don't have access to, resulting in a breach...
Improper Authentication
gitlab is vulnerable to Improper Authentication. This vulnerability exists because it does not properly enforce IP address restrictions, allowing an attacker to misuse a valid deploy token from any location...