Search Results (45935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-0408 4 Fedoraproject, Redhat, Tigervnc and 1 more 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more 2025-11-20 5.5 Medium
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
CVE-2024-2829 1 Gitlab 1 Gitlab 2025-11-20 7.5 High
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.
CVE-2023-6678 1 Gitlab 1 Gitlab 2025-11-20 4.3 Medium
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file.
CVE-2023-6489 1 Gitlab 1 Gitlab 2025-11-20 4.3 Medium
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.
CVE-2023-6159 1 Gitlab 1 Gitlab 2025-11-20 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.
CVE-2023-4522 1 Gitlab 1 Gitlab 2025-11-20 4.3 Medium
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit.
CVE-2023-3917 1 Gitlab 1 Gitlab 2025-11-20 4.3 Medium
Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.
CVE-2023-3909 1 Gitlab 1 Gitlab 2025-11-20 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.
CVE-2023-3906 1 Gitlab 1 Gitlab 2025-11-20 3.5 Low
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.
CVE-2023-3904 1 Gitlab 1 Gitlab 2025-11-20 4.3 Medium
An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.
CVE-2023-3900 1 Gitlab 1 Gitlab 2025-11-20 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.
CVE-2023-3364 1 Gitlab 1 Gitlab 2025-11-20 7.5 High
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.
CVE-2023-3210 1 Gitlab 1 Gitlab 2025-11-20 6.5 Medium
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.
CVE-2023-3205 1 Gitlab 1 Gitlab 2025-11-20 6.5 Medium
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.
CVE-2023-0632 1 Gitlab 1 Gitlab 2025-11-20 6.5 Medium
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.
CVE-2025-11338 2 D-link, Dlink 3 Di-7100g C1, Di-7100g C1, Di-7100g C1 Firmware 2025-11-19 8.8 High
A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2025-11339 2 D-link, Dlink 3 Di-7100g C1, Di-7100g C1, Di-7100g C1 Firmware 2025-11-19 8.8 High
A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-38292 1 Linux 1 Linux Kernel 2025-11-19 7.1 High
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation accessed again which is wrong since the memory is already freed. This might lead use-after-free error. Hence, fix by locally defining bool is_continuation from rxcb, so that after freeing skb, is_continuation can be used. Compile tested only.
CVE-2025-11408 2 D-link, Dlink 3 Di-7001 Mini, Di-7001mini-8g, Di-7001mini-8g Firmware 2025-11-19 8.8 High
A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-38367 1 Linux 1 Linux Kernel 2025-11-19 7.8 High
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modify register EIOINTC_ENABLE. There will be array index overflow problem.