Security
Headlines
HeadlinesLatestCVEs

Tag

#js

CVE-2022-42029: Security issues - Chamilo LMS

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#mac#apple#google#js#git#java#wordpress#php#rce#perl#ssrf#pdf#auth#ssh#ibm#sap
CVE-2022-2865: 2022/CVE-2022-2865.json · master · GitLab.org / cves · GitLab

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.

CVE-2022-2527: 2022/CVE-2022-2527.json · master · GitLab.org / cves · GitLab

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests.

CVE-2022-2908: 2022/CVE-2022-2908.json · master · GitLab.org / cves · GitLab

A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field.

CVE-2022-2428: 2022/CVE-2022-2428.json · master · GitLab.org / cves · GitLab

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests

CVE-2022-3288: 2022/CVE-2022-3288.json · master · GitLab.org / cves · GitLab

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.

CVE-2022-3286: 2022/CVE-2022-3286.json · master · GitLab.org / cves · GitLab

Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token

CVE-2022-3540: 2022/CVE-2022-3540.json · master · GitLab.org / cves · GitLab

An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses

CVE-2022-3291: 2022/CVE-2022-3291.json · master · GitLab.org / cves · GitLab

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache

CVE-2022-3067: 2022/CVE-2022-3067.json · master · GitLab.org / cves · GitLab

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.