An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri…
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri…
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability…
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor’s position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that “Auto-fill on page load” is not enabled by default. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri…
REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side. Zafiyet…
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National…
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database