
2484 matches found

SUSE CVE
added 2023/02/15 4:54 a.m. | 3 views

SUSE CVE-2016-9952

The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

8.1 CVSS | 6.8 AI score | 0.013 EPSS
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:54 a.m. | 3 views

SUSE CVE-2016-9953

The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...

9.8 CVSS | 7.6 AI score | 0.01831 EPSS
Exploits 0 | References 3

NVD
added 2023/02/13 11:15 p.m. | 17 views

CVE-2022-3759

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child...

7.5 CVSS | 5.5 AI score | 0.01216 EPSS
Exploits 0 | References 3

NVD
added 2023/02/13 11:15 p.m. | 12 views

CVE-2023-0518

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart...

7.5 CVSS | 5.4 AI score | 0.01216 EPSS
Exploits 0 | References 3

NVD
added 2023/02/13 11:15 p.m. | 17 views

CVE-2022-3411

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

6.5 CVSS | 6 AI score | 0.01247 EPSS
Exploits 0 | References 3

UbuntuCve
added 2023/02/13 11:15 p.m. | 23 views

CVE-2023-0518

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart...

7.5 CVSS | 6.9 AI score | 0.01216 EPSS
Exploits 0 | References 4

UbuntuCve
added 2023/02/13 11:15 p.m. | 21 views

CVE-2022-3759

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child...

7.5 CVSS | 6.9 AI score | 0.01216 EPSS
Exploits 0 | References 4

Prion
added 2023/02/13 11:15 p.m. | 13 views

Denial of service

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child...

5 CVSS | 7.3 AI score | 0.01216 EPSS
Exploits 0 | References 3 | Affected Software 1

UbuntuCve
added 2023/02/13 11:15 p.m. | 25 views

CVE-2022-3411

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

6.5 CVSS | 6.6 AI score | 0.01247 EPSS
Exploits 0 | References 4

Prion
added 2023/02/13 11:15 p.m. | 20 views

Cross-site request forgery (CSRF)

A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a...

5.8 CVSS | 7.7 AI score | 0.00445 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2023/02/13 12:0 a.m. | 84 views

CVE-2023-0518

GitLab CE/EE is affected by CVE-2023-0518: a DoS can be triggered by uploading a malicious Helm chart, impacting all versions 14.0–15.6.7, 15.7–15.7.6, and 15.8–15.8.1. Root cause: improper handling during Helm chart upload leading to Denial of Service. Remediation: upgrade to fixed releases (15....

7.5 CVSS | 7.1 AI score | 0.01216 EPSS
Exploits 0 | References 3 | Affected Software 1

Debian CVE
added 2023/02/13 12:0 a.m. | 12 views

CVE-2023-0518

Removed by vendor...

7.5 CVSS | 7.1 AI score | 0.01216 EPSS
Exploits 0

Debian CVE
added 2023/02/13 12:0 a.m. | 23 views

CVE-2022-3411

Removed by vendor...

6.5 CVSS | 6.6 AI score | 0.01247 EPSS
Exploits 0

Debian CVE
added 2023/02/13 12:0 a.m. | 24 views

CVE-2022-3759

Removed by vendor...

7.5 CVSS | 7.1 AI score | 0.01216 EPSS
Exploits 0

OSV
added 2023/02/13 12:0 a.m. | 23 views

CVE-2022-3411

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

6.5 CVSS | 6.3 AI score | 0.01247 EPSS
Exploits 0 | References 5

CVE
added 2023/02/13 12:0 a.m. | 90 views

CVE-2022-4138

GitLab CVE-2022-4138 affects GitLab CE/EE with CSRF in all versions before 15.6.7, versions 15.7 before 15.7.6, and versions 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a malicious file to a project. Documents consistently identify the vulnerability...

8.1 CVSS | 7.6 AI score | 0.00445 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2023/02/13 12:0 a.m. | 94 views

CVE-2022-3759

CVE-2022-3759 affects GitLab CE/EE and can cause a DoS by uploading a crafted CI job artifact ZIP in projects using dynamic child pipelines, triggering a memory-intensive Sidekiq job. Impacted ranges: GitLab 14.3–14.3.x before 15.6.7; 15.7.x before 15.7.6; 15.8.x before 15.8.1. In vulnerable envi...

7.5 CVSS | 7.2 AI score | 0.01216 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2023/02/13 12:0 a.m. | 109 views

CVE-2022-3411

CVE-2022-3411 affects GitLab CE/EE with a lack of length validation in GraphQL that allows an authenticated user to create an oversized Issue description, repeatedly requested to saturate CPU (DoS). Affected versions: GitLab 12.4–15.6.7, 15.7–15.7.6, and 15.8–15.8.1. Mitigation: upgrade to fixed ...

6.5 CVSS | 6.1 AI score | 0.01247 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2023/02/13 12:0 a.m. | 12 views

CVE-2023-0518

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart...

4.3 CVSS | 7.3 AI score | 0.01216 EPSS
Exploits 0 | References 5

OSV
added 2023/02/13 12:0 a.m. | 21 views

CVE-2022-3759

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child...

4.3 CVSS | 7.3 AI score | 0.01216 EPSS
Exploits 0 | References 5