‼ CVE-2023-31425 ‼
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
via "National Vulnerability Database".
‼ CVE-2023-3500 ‼
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims.
via "National Vulnerability Database".
‼ CVE-2023-3900 ‼
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.
via "National Vulnerability Database".
‼ CVE-2023-3994 ‼
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.
via "National Vulnerability Database".
‼ CVE-2023-1210 ‼
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain.
via "National Vulnerability Database".
‼ CVE-2023-31428 ‼
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.
via "National Vulnerability Database".
‼ CVE-2023-31430 ‼
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.
via "National Vulnerability Database".
‼ CVE-2023-3364 ‼
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.
via "National Vulnerability Database".
‼ CVE-2023-38990 ‼
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.
via "National Vulnerability Database".
‼ CVE-2023-2164 ‼
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.
via "National Vulnerability Database".
‼ CVE-2023-31432 ‼
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
via "National Vulnerability Database".
‼ CVE-2023-0632 ‼
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.
via "National Vulnerability Database".
‼ CVE-2022-2346 ‼
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
via "National Vulnerability Database".
‼ CVE-2023-31431 ‼
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.
via "National Vulnerability Database".
‼ CVE-2023-3993 ‼
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.
via "National Vulnerability Database".
‼ CVE-2023-3385 ‼
An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html).
via "National Vulnerability Database".
‼ CVE-2023-31927 ‼
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c could allow a remote unauthenticated attacker to get technical details about the web interface.
via "National Vulnerability Database".
‼ CVE-2023-31928 ‼
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.
via "National Vulnerability Database".
‼ CVE-2023-36121 ‼
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
via "National Vulnerability Database".
‼ CVE-2023-31926 ‼
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
via "National Vulnerability Database".
‼ CVE-2022-2416 ‼
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
via "National Vulnerability Database".