
The host is installed with GitLab CE/EE before 16.8.5, 16.9.0 before 16.9.3 or 16.10.0 before 16.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation could allow an attacker to cause a denial of service using a maliciously crafted description parameter for labels.

The host is installed with GitLab CE/EE before 16.8.5, 16.9.0 before 16.9.3 or 16.10.0 before 16.10.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in validation of input during web page generation. On successful exploitation, a wiki page with a crafted payload may lead to a stored XSS, allowing attackers to perfor ...

** DISPUTED ** Kernel Samepage Merging in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches fo ...

** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco3-dev 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The co ...

** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guara ...

** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."

Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.

** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."



© SecPod Technologies