‼ CVE-2023-0967 ‼
via "National Vulnerability Database".
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR: it does not properly validate user permissions with respect to certain actions the user can perform.
‼ CVE-2023-0838 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL. This addresses an incomplete fix for CVE-2022-4342.
‼ CVE-2023-1708 ‼
via "National Vulnerability Database".
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from the clipboard, allowing unexpected commands to be executed on the victim's machine.
‼ CVE-2022-3513 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, and all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.
‼ CVE-2023-0944 ‼
via "National Vulnerability Database".
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR: it does not correctly validate user permissions with respect to certain actions that can be performed by the user.
‼ CVE-2023-0450 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.
‼ CVE-2023-24720 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file.
‼ CVE-2023-0842 ‼
via "National Vulnerability Database".
xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.
‼ CVE-2023-1098 ‼
via "National Vulnerability Database".
An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, and all versions starting from 15.10 before 15.10.1, which will allow an admin to leak the password from the repository mirror configuration.
‼ CVE-2023-0523 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.
‼ CVE-2023-1417 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, and all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to a victim's epic in an unrelated group.
‼ CVE-2023-1855 ‼
via "National Vulnerability Database".
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.
‼ CVE-2023-1787 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, and all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.
‼ CVE-2023-1782 ‼
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
‼ CVE-2022-31888 ‼
via "National Vulnerability Database".
Session Fixation vulnerability in function login in class.auth.php in osTicket through 1.16.2.
‼ CVE-2022-31889 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.
‼ CVE-2023-23981 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.
‼ CVE-2023-25542 ‼
via "National Vulnerability Database".
Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.
‼ CVE-2023-29416 ‼
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.
‼ CVE-2023-29419 ‼
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.
‼ CVE-2023-29421 ‼
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.