Writeup Exploits
60,754 exploits tracked across all sources.
RosarioSIS < 4.3 - Cross-Site Scripting via SanitizeMarkDown Function
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
CVSS 5.4
GNU Libtasn1 <4.19.0 - Buffer Overflow
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
CVSS 9.1
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Improper Privilege Management via Git Sub-Command Replacement References
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI.
CVSS 6.5
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Info Disclosure
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds.
CVSS 3.5
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Open Redirect
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack.
CVSS 4.3
GitLab <14.4.5-14.6.2 - Privilege Escalation
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project.
CVSS 4.3
GitLab 12.10-14.4.4, 14.5.0-14.5.2, 14.6.0-14.6.1 - Denial of Service via Package Deletion Request
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
CVSS 6.5
GitLab <14.4.5-14.6.2 - Info Disclosure
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API.
CVSS 6.5
GitLab <14.4.5, <14.5.3, <14.6.2 - CSRF
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account.
CVSS 7.5
GitLab CE/EE <12.3 - Info Disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones.
CVSS 5.3
QEMU < 6.0.0 - Use-After-Free in LSI53C895A SCSI Host Bus Adapter Emulation
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
CVSS 4.4
QEMU virtio-fs < 6.2.0-7 - Privilege Escalation via SGID Directory Group Ownership
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
CVSS 7.8
GitLab CE/EE <14.7.1 - Info Disclosure
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
CVSS 4.3
Gitlab CE/EE <14.5.4-14.7.1 - Info Disclosure
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.
CVSS 4.3
GitLab 7.9-14.7.1 - Server-Side Request Forgery via Irker DNS Rebinding
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.
CVSS 5.4
GitLab <14.5.4, <14.6.4, <14.7.1 - DoS
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.
CVSS 4.9
libnbd - Unchecked Return Value in nbdcopy Multi-threaded Copy Operation
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
CVSS 4.8
GitLab 8.15.0-14.6.4 - Denial of Service via Math Feature Formula in Issue Comments
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.
CVSS 3.5
libtiff 3.9.0-4.3.0 - Denial of Service via TIFFFetchStripThing memcpy Null Pointer
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
CVSS 5.5
libtiff 4.0-4.3.0 - Denial of Service via Crafted TIFF File
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
CVSS 5.5
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Use-After-Free in CMS Protocol Dissector
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Denial of Service via CSN.1 Dissector Unaligned Access
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Denial of Service via PVFS Protocol Dissector
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Denial of Service via Large Loops in Protocol Dissectors
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
CVSS 4.3
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Denial of Service via RTMPT Protocol Dissector Infinite Loop
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVSS 6.3
By Source