ubuntu_linux USN-6540-1: Ubuntu 16.04 ESM / Ubuntu 18.04 ESM / Ubuntu 20.04 LTS / Ubuntu 22.04 LTS / Ubuntu 23.04 / Ubuntu 23.10 : BlueZ vulnerability (USN-6540-1) | CVE-2023-45866 | 12/7/2023 | development |
suse_linux SUSE-SU-2023:4665-1: SUSE SLES15 : Security update for kernel-firmware (Important) (SUSE-SU-2023:4665-1) | CVE-2021-26345, CVE-2021-46766, CVE-2021-46774, CVE-2022-23820, CVE-2022-23830, CVE-2023-20519, CVE-2023-20521, CVE-2023-20526, CVE-2023-20533, CVE-2023-20566, CVE-2023-20592 | 12/7/2023 | development |
suse_linux SUSE-SU-2023:4645-1: SUSE SLES15 : Security update for haproxy (Moderate) (SUSE-SU-2023:4645-1) | CVE-2023-45539 | 12/7/2023 | development |
suse_linux SUSE-SU-2023:4654-1: SUSE SLES15 : Security update for kernel-firmware (Important) (SUSE-SU-2023:4654-1) | CVE-2021-26345, CVE-2021-46766, CVE-2021-46774, CVE-2022-23820, CVE-2022-23830, CVE-2023-20519, CVE-2023-20521, CVE-2023-20526, CVE-2023-20533, CVE-2023-20566, CVE-2023-20592 | 12/7/2023 | development |
freebsd e07a7754-12a4-4661-b852-fd221d68955f: electron25 -- multiple vulnerabilities | CVE-2023-6350, CVE-2023-6351 | 12/7/2023 | development |
apache_struts S2-066: S2-066 | CVE-2023-50164 | 12/7/2023 | testing |
gitlab CVE-2022-3331: IDOR in Zentao integration leaked issue details | CVE-2022-3331 | 11/2/2023 | development |
gitlab CVE-2021-39873: Content spoofing vulnerability | CVE-2021-39873 | 11/2/2023 | development |
gitlab CVE-2022-4037: Race condition on gitlab.com enables verified email forgery & third-party account hijacking | CVE-2022-4037 | 11/2/2023 | development |
gitlab CVE-2022-2592: Lack of length validation in Snippets leads to Denial of Service | CVE-2022-2592 | 11/2/2023 | development |
gitlab CVE-2021-39898: Project exports leak external webhook token value | CVE-2021-39898 | 11/2/2023 | development |
gitlab CVE-2021-22251: Projects are allowed to add members with email address domain that should be blocked by group settings | CVE-2021-22251 | 11/2/2023 | development |
gitlab CVE-2022-1821: Subgroup member can list members of parent group | CVE-2022-1821 | 11/2/2023 | development |
gitlab CVE-2021-39892: Low privileged users can import users from projects that they are not a maintainer on | CVE-2021-39892 | 11/2/2023 | development |
gitlab CVE-2021-22219: Logging of Sensitive Information | CVE-2021-22219 | 11/2/2023 | development |
gitlab CVE-2021-39878: Reflected Cross-Site Scripting in Jira Integration | CVE-2021-39878 | 11/2/2023 | development |
gitlab CVE-2021-22234: Arbitrary file read via design feature | CVE-2021-22234 | 11/2/2023 | development |
gitlab CVE-2022-1124: Guest project member can access trace log of jobs when it is enabled | CVE-2022-1124 | 11/2/2023 | development |
gitlab CVE-2021-39943: "External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request | CVE-2021-39943 | 11/2/2023 | development |
gitlab CVE-2021-39935: When user registration is limited, external users that aren't developers shouldn't have access to the CI Lint API | CVE-2021-39935 | 11/2/2023 | development |
gitlab CVE-2022-3286: Bypass group IP restriction on Dependency Proxy | CVE-2022-3286 | 11/2/2023 | development |
gitlab CVE-2022-0751: Inaccurate display of Snippet contents can be potentially misleading to users | CVE-2022-0751 | 11/2/2023 | development |
gitlab CVE-2023-3932: An attacker can run pipeline jobs as arbitrary user | CVE-2023-3932 | 11/2/2023 | development |
gitlab CVE-2022-1416: HTML and CSS injection in pipeline error messages | CVE-2022-1416 | 11/2/2023 | development |
gitlab CVE-2022-2904: Content injection via External Status Checks | CVE-2022-2904 | 11/2/2023 | development |
gitlab CVE-2021-22213: Stealing GitLab OAuth access tokens using XSLeaks in Safari | CVE-2021-22213 | 11/2/2023 | development |
gitlab CVE-2021-39885: Stored XSS in merge request creation page | CVE-2021-39885 | 11/2/2023 | development |
gitlab CVE-2022-3818: Uncontrolled resource consumption when parsing URLs | CVE-2022-3818 | 11/2/2023 | development |
gitlab CVE-2022-2428: Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious Form Tags | CVE-2022-2428 | 11/2/2023 | development |
gitlab CVE-2022-2931: Denial of Service via Issue preview | CVE-2022-2931 | 11/2/2023 | development |
gitlab CVE-2022-3482: Release names visible in public projects despite release set as project members only | CVE-2022-3482 | 11/2/2023 | development |
gitlab CVE-2022-4054: Maintainer can leak webhook secret token by changing the webhook URL | CVE-2022-4054 | 11/2/2023 | development |
gitlab CVE-2021-22259: Potential DOS via dependencies API | CVE-2021-22259 | 11/2/2023 | development |
gitlab CVE-2021-22218: Spoofing commit author for signed commits | CVE-2021-22218 | 11/2/2023 | development |
gitlab CVE-2021-39910: HTML Injection via Swagger UI | CVE-2021-39910 | 11/2/2023 | development |
gitlab CVE-2021-39932: Potential denial of service via the Diff feature | CVE-2021-39932 | 11/2/2023 | development |
gitlab CVE-2021-42574: Unicode characters can be abused to commit malicious code into projects without notice | CVE-2021-42574 | 11/2/2023 | development |
gitlab CVE-2021-22197: Infinite Loop When a User Accesses a Merge Request | CVE-2021-22197 | 11/2/2023 | development |
gitlab CVE-2022-4365: Maintainer can leak sentry token by changing the configured URL | CVE-2022-4365 | 11/2/2023 | development |
gitlab CVE-2021-22198: Incident metric images can be deleted by any user | CVE-2021-22198 | 11/2/2023 | development |
gitlab CVE-2021-22239: Unauthorised user was able to add meta data upon issue creation | CVE-2021-22239 | 11/2/2023 | development |
gitlab CVE-2022-0283: Open redirect vulnerability in Jira Integration | CVE-2022-0283 | 11/2/2023 | development |
gitlab CVE-2022-2251: Command injection in CI jobs via branch name in CI pipelines | CVE-2022-2251 | 11/2/2023 | development |
gitlab CVE-2022-2228: CI variables provided to runners outside of a group's restricted IP range | CVE-2022-2228 | 11/2/2023 | development |
gitlab CVE-2021-39871: Bypass disabled Bitbucket Server import source project creation | CVE-2021-39871 | 11/2/2023 | development |
gitlab CVE-2021-39868: Create a project with unlimited repository size through malicious Project Import | CVE-2021-39868 | 11/2/2023 | development |
gitlab CVE-2021-22248: Pipelines page is partially visible for users that have no right to see CI/CD | CVE-2021-22248 | 11/2/2023 | development |
gitlab CVE-2022-0427: Arbitrary POST requests via special HTML attributes in Jupyter Notebooks | CVE-2022-0427 | 11/2/2023 | development |
gitlab CVE-2021-39947: Golang vulnerability CVE-2021-44717: don't close fd 0 on ForkExec error | CVE-2021-39947 | 11/2/2023 | development |
gitlab CVE-2022-3031: Brute force attack may guess a password even when 2FA is enabled | CVE-2022-3031 | 11/2/2023 | development |