2484 matches found
CVE-2022-0425
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks...
CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DoS by using the math feature with a specific formula in issue comments...
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...
CVE-2022-0741
Removed by vendor...
CVE-2022-0425
Summary (CVE-2022-0425) A DNS rebinding vulnerability in the Irker IRC Gateway integration affects all GitLab CE/EE versions since 7.9, enabling Server Side Request Forgery (SSRF). The issue is tied to the GitLab Irker gateway component, with root cause described as DNS rebinding that can trigger...
CVE-2021-39908
GitLab CVE-2021-39908 affects GitLab CE/EE: any version from 0.8.0 up to before 14.2.6, from 14.3 up to before 14.3.4, and from 14.4 up to before 14.4.1. The issue allows certain Unicode characters to be abused to commit malicious code into projects without being noticed in merge request or sourc...
CVE-2022-0390
CVE-2022-0390 affects GitLab CE/EE, versions 12.7–14.7.1. The root cause is improper access control, enabling project non-members to retrieve issue details when they are linked to an item from the vulnerability dashboard. The vulnerability is documented across multiple sources, confirming affecte...
CVE-2022-0489
CVE-2022-0489 affects GitLab CE/EE, all versions starting with 8.15. The issue allows a Denial of Service by triggering the vulnerable behavior through the math feature in issue comments with a specific formula. Some connected sources (e.g., CNNVD, Nessus/NVD records) describe the root cause as h...
PT-2022-13211 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.15 and later Description: An issue has been discovered in GitLab CE/EE that allows a Denial of Service (DoS) to be triggered by using the math feature with a specific formula in issue comments. Recommendations: For GitLa...
CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL...
CVE-2022-24299
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command...
CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...
Input validation
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command...
Cross-site scripting
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL...
CVE-2022-26019
The CVE-2022-26019 issue affects pfSense CE/Plus: pfSense CE before 2.6.0 and pfSense Plus before 22.01. The root cause is improper access control that lets a remote attacker with privilege to modify NTP GPS settings rewrite files on the filesystem, potentially enabling arbitrary command executio...
CVE-2022-24299
The CVE-2022-24299 issue affects pfSense CE (versions prior to 2.6.0) and pfSense Plus (prior to 22.01); it is an Improper Input Validation vulnerability that lets a privileged attacker who can modify OpenVPN client/server settings execute arbitrary commands. This is documented across multiple so...