
11 matches found

IBM Security Bulletins
added 2024/04/18 7:14 p.m. | 70 views

Security Bulletin: Issue in RCE in PCOMM Service through unprotected named pipe

Summary: There is a vulnerability in IBM Personal Communications PCOMM. Personal Communications has addressed the applicable CVE through version update. Vulnerability Details: CVEID: CVE-2024-25029. DESCRIPTION: IBM Personal Communications 15.0.1 includes a Windows service that is vulnerable to remot...

10 CVSS | 9.5 AI score | 0.00916 EPSS
Exploits 0 | Affected Software 1
NCSC
added 2024/04/08 12:0 a.m. | 2 views

Vulnerability fixed in IBM Personal Communications

IBM has fixed a vulnerability in Personal Communications PCOMM. The vulnerability is located in an underlying Windows component and allows a malicious person to obtain elevated privileges and execute code with the privileges of SYSTEM. IBM has released updates to fix the vulnerability in...

10 CVSS | 7.2 AI score | 0.00916 EPSS
Exploits 0
Tenable Nessus
added 2024/01/03 12:0 a.m. | 18 views

GitLab 13.3 < 13.12.9 / 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22250)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account (CVE-2021-22250). Note that...

5.5 CVSS | 5.7 AI score | 0.00253 EPSS
Exploits 0 | References 4
NVD
added 2021/08/25 7:15 p.m. | 16 views

CVE-2021-22237

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2...

6.6 CVSS | 0.00175 EPSS
Exploits 0 | References 2
OSV
added 2021/08/25 7:15 p.m. | 0 views

UBUNTU-CVE-2021-22237

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2...

6.6 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits 0 | References 3
Debian CVE
added 2021/08/25 6:37 p.m. | 23 views

CVE-2021-22237

Removed by vendor...

6.6 CVSS | 6.2 AI score | 0.00175 EPSS
Exploits 0
CVE
added 2021/08/25 6:37 p.m. | 59 views

CVE-2021-22237

CVE-2021-22237 affects GitLab CE/EE where, under specialized conditions, a user with an impersonation token could perform Git actions even if impersonation is disabled. Concrete details across connected sources indicate the vulnerability exists in GitLab versions before 13.12.9, 14.0.7, and 14.1....

6.6 CVSS | 4.9 AI score | 0.00175 EPSS
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2021/08/25 12:0 a.m. | 2 views

PT-2021-6547 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 13.12.9; GitLab CE/EE versions prior to 14.0.7; GitLab CE/EE versions prior to 14.1.2. Description: The issue is related to incorrect session management in GitLab, allowing a remote attacker to impact data integrit...

6.8 CVSS | 5.4 AI score | 0.00175 EPSS
Exploits 0 | References 15
Cvelist
added 2021/08/20 5:37 p.m. | 16 views

CVE-2021-22254

Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9...

3.1 CVSS | 4.7 AI score | 0.00274 EPSS
Exploits 0 | References 3
CNNVD
added 2021/08/20 12:0 a.m. | 2 views

GitLab Cross-Site Scripting Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab, whic...

6.8 CVSS | 6.1 AI score | 0.01196 EPSS
Exploits 0 | References 5
NCSC
added 2021/08/06 12:0 a.m. | 3 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); circumvention of security measure; accessing sensitive data. Not all vulnerabilities...

8.8 CVSS | 6.4 AI score | 0.00225 EPSS
Exploits 0