
2484 matches found

Cvelist
added 2023/01/12 12:0 a.m., 23 views

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00585
Exploits: 0, References: 3

CVE
added 2023/01/12 12:0 a.m., 142 views

CVE-2022-4037

GitLab CE/EE is affected by CVE-2022-4037 across all versions before 15.5.7, all 15.6.x before 15.6.4, and all 15.7.x before 15.7.2. The issue is a race condition that can allow verified email forgery and takeover of third‑party accounts when GitLab is used as an OAuth provider. Remediation per t...

CVSS: 8.5, AI score: 8.1, EPSS: 0.00639
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2023/01/12 12:0 a.m., 20 views

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00585
Exploits: 0, References: 5

OSV
added 2023/01/12 12:0 a.m., 16 views

CVE-2023-0042

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols...

CVSS: 6.1, AI score: 6, EPSS: 0.00403
Exploits: 0, References: 4

OSV
added 2023/01/12 12:0 a.m., 27 views

CVE-2022-3514

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the...

CVSS: 4.3, AI score: 4.9, EPSS: 0.00842
Exploits: 0, References: 5

Cvelist
added 2023/01/12 12:0 a.m., 35 views

CVE-2022-3514

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00842
Exploits: 0, References: 3

CNNVD
added 2022/12/15 12:0 a.m., 3 views

Netgate pfSense CE Cross-Site Scripting Vulnerability

Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. A security vulnerability exists in Netgate pfSense version 2.4.4-Release-p3, Netgate ACME package version 0.6.3. An attacker can exploit this vulnerability to execute arbitrary code via the RootFolder field ...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00598
Exploits: 0, References: 3

Tenable Nessus
added 2022/11/15 12:0 a.m., 40 views

NewStart CGSL MAIN 6.02 : docker-ce Vulnerability (NS-SA-2022-0095)

The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by a vulnerability: - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for...

CVSS: 6, AI score: 7.5, EPSS: 0.01663
Exploits: 1, References: 3

OpenVAS
added 2022/11/11 12:0 a.m., 14 views

GitLab 13.9 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Information Exposure Vulnerability

GitLab is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00664
Exploits: 0, References: 1

OpenVAS
added 2022/11/11 12:0 a.m., 21 views

GitLab 12.6 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Multiple Vulnerabilities

GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

CVSS: 9, AI score: 7.4, EPSS: 0.00774
Exploits: 0, References: 2

NVD
added 2022/11/10 12:15 a.m., 18 views

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

CVSS: 9, EPSS: 0.00774
Exploits: 0, References: 3

NVD
added 2022/11/10 12:15 a.m., 15 views

CVE-2022-3706

Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that...

CVSS: 4.3, EPSS: 0.00508
Exploits: 0, References: 2

UbuntuCve
added 2022/11/10 12:15 a.m., 26 views

CVE-2022-3706

Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00508
Exploits: 0, References: 1

UbuntuCve
added 2022/11/10 12:15 a.m., 34 views

CVE-2022-3793

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00537
Exploits: 0, References: 1

UbuntuCve
added 2022/11/10 12:15 a.m., 17 views

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

CVSS: 9, AI score: 7.2, EPSS: 0.00774
Exploits: 0, References: 1

Prion
added 2022/11/10 12:15 a.m., 19 views

Design/Logic Flaw

An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance...

CVSS: 5, AI score: 5.2, EPSS: 0.0067
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/11/10 12:15 a.m., 14 views

Authorization

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to...

CVSS: 5, AI score: 5.1, EPSS: 0.00537
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/11/10 12:15 a.m., 14 views

Authorization

An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal notes they don't have access to...

CVSS: 4.3, AI score: 4.5, EPSS: 0.00426
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/11/10 12:15 a.m., 17 views

Authorization

Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that...

CVSS: 4, AI score: 4.5, EPSS: 0.00508
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2022/11/10 12:0 a.m., 40 views

GitLab 12.6 < 15.3.5 / 15.4 < 15.4.4 / 15.5 < 15.5.2 (CVE-2022-3793)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00537
Exploits: 0, References: 3