‼ CVE-2017-11197 ‼
📖 Read
via "National Vulnerability Database".
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0485 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1836 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances📖 Read
via "National Vulnerability Database".
‼ CVE-2020-22429 ‼
📖 Read
via "National Vulnerability Database".
redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1204 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30204 ‼
📖 Read
via "National Vulnerability Database".
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26203 ‼
📖 Read
via "National Vulnerability Database".
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0805 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2182 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1178 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45858 ‼
📖 Read
via "National Vulnerability Database".
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45859 ‼
📖 Read
via "National Vulnerability Database".
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27993 ‼
📖 Read
via "National Vulnerability Database".
A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43950 ‼
📖 Read
via "National Vulnerability Database".
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22640 ‼
📖 Read
via "National Vulnerability Database".
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27999 ‼
📖 Read
via "National Vulnerability Database".
An improper neutralization of special elements used in an OS command vulnerability [CWE-78]Â in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22637 ‼
📖 Read
via "National Vulnerability Database".
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0756 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4376 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45860 ‼
📖 Read
via "National Vulnerability Database".
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30331 ‼
📖 Read
via "National Vulnerability Database".
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.📖 Read
via "National Vulnerability Database".