Writeup Exploits
60,754 exploits tracked across all sources.
GitLab CE/EE <14.9.5-15.0.1 - Privilege Escalation
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs
CVSS 5.4
libtiff 4.4.0 - Denial of Service via Crafted TIFF File
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
CVSS 5.5
libtiff 4.4.0 - Denial of Service via Divide By Zero in tiffcrop
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
CVSS 5.5
libtiff 4.4.0 - Denial of Service via Crafted TIFF File
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
CVSS 5.5
OpenSSL 1.0.2-1.0.2ze, 1.1.1-1.1.1o, 3.0.0-3.0.3 - OS Command Injection via c_rehash Script
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
CVSS 7.3
Hutool < 5.7.19 - Improper Certificate Validation
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.
CVSS 9.8
Ovidentia CMS 6.0 - Authenticated Path Traversal in FileManager
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal.
CVSS 7.5
GitLab < 15.1.6, 15.2-15.2.4, 15.3-15.3.2 - Server-Side Request Forgery via Jupyter Notebook Viewer
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests
CVSS 6.4
GitLab 10.0.0-15.1.5, 15.2.0-15.2.3, 15.3.0-15.3.1 - Authenticated Resource Exhaustion via Malicious Project Import
A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project.
CVSS 6.5
GNU SASL < 2.0.1 - Authenticated Out-of-bounds Read via GSS-API Client
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
CVSS 3.8
GNU SASL < 2.0.1 - Authenticated Out-of-bounds Read via GSS-API Client
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
CVSS 3.8
GitLab CE/EE <15.1.6-15.3.2 - Authenticated XSS
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests.
CVSS 7.3
GitLab <15.1.6-15.3.2 - Auth Bypass
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
CVSS 6.5
GitLab < 15.1.6, 15.2 < 15.2.4, 15.3 < 15.3.2 - Authenticated Denial of Service via Snippet Description Length
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.
CVSS 6.5
QEMU 6.2.0 - Memory Leak via Virtio-Net Device Error Handling
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVSS 7.5
QEMU <= 6.2.0 - Memory Leak in vhost-vsock Error Handling
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVSS 3.2
Tildeslash Monit <5.31.0 - Privilege Escalation
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.
CVSS 8.8
GitLab CE/EE <15.2.4-15.3.2 - Info Disclosure
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
CVSS 4.3
SpringBlade <= 3.2.0 - SQL Injection via customSqlSegment
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
CVSS 9.8
GitLab <12.9.8, <12.10.7, <13.0.1 - Info Disclosure
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO
CVSS 2.7
GitLab CE/EE <15.1.6, <15.2.4, <15.3.2 - XSS
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
CVSS 7.3
universis-api < 1.2.1 - Authenticated SQL Injection via $select Parameter
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades.
CVSS 8.1
GitLab 10.7-15.1.4, 15.2-15.2.2, 15.3 - Denial of Service via Commit Message Field
A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field.
CVSS 4.3
GitLab < 15.1.6, 15.2-15.2.4, 15.3-15.3.2 - Denial of Service via Malformed Issue Description
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.
CVSS 7.5
libtiff < 4.4.0 - Out-of-bounds Read in extractImageSection
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
CVSS 5.5
By Source