2484 matches found

Tenable Nessus
added 2021/10/27 12:0 a.m., 25 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Vulnerability (NS-SA-2021-0181)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by a vulnerability: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd...

CVSS 6.5, AI score 7, EPSS 0.03287
Exploits 0, References 3
Tenable Nessus
added 2021/10/27 12:0 a.m., 32 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2021-0138)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by multiple vulnerabilities: - Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2,...

CVSS 9.3, AI score 8, EPSS 0.9857
Exploits 35, References 21
Tenable Nessus
added 2021/10/27 12:0 a.m., 33 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Vulnerability (NS-SA-2021-0103)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege...

CVSS 6.8, AI score 7, EPSS 0.01065
Exploits 0, References 3
Tenable Nessus
added 2021/10/27 12:0 a.m., 37 views

NewStart CGSL MAIN 6.02 : docker-ce Multiple Vulnerabilities (NS-SA-2021-0124)

The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by multiple vulnerabilities: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege...

CVSS 6.8, AI score 7, EPSS 0.03287
Exploits 0, References 5
OpenVAS
added 2021/10/13 12:0 a.m., 27 views

SUSE: Security Advisory (SUSE-SU-2021:3336-1)

The remote host is missing an update for the...

CVSS 8.5, AI score 7.5, EPSS 0.06604
Exploits 5, References 5
Prion
added 2021/10/11 7:15 p.m., 16 views

SQL injection

An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php...

CVSS 7.5, AI score 9.8, EPSS 0.0521
Exploits 3, References 1, Affected Software 1
OSV
added 2021/10/06 8:15 p.m., 2 views

CVE-2021-34758

A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient...

CVSS 3.3, AI score 5.8, EPSS 0.0018
Exploits 0, References 1
CVE
added 2021/10/06 7:45 p.m., 80 views

CVE-2021-34758

CVE-2021-34758 affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software. The issue is in memory management due to insufficient access controls to a shared memory resource, allowing an authenticated local attacker to corrupt a shared memory segment and cause a DoS ...

CVSS 4.4, AI score 4.5, EPSS 0.0018
Exploits 0, References 1, Affected Software 2
OSV
added 2021/10/05 3:15 p.m., 23 views

CVE-2021-39880

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...

CVSS 6.5, AI score 6.3, EPSS 0.01328
Exploits 0, References 3
NVD
added 2021/10/05 3:15 p.m., 15 views

CVE-2021-39880

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...

CVSS 6.5, EPSS 0.01328
Exploits 0, References 3
UbuntuCve
added 2021/10/05 3:15 p.m., 25 views

CVE-2021-39880

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...

CVSS 6.5, AI score 6.6, EPSS 0.01328
Exploits 0, References 4
Prion
added 2021/10/05 3:15 p.m., 15 views

Denial of service

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...

CVSS 4, AI score 6.1, EPSS 0.01328
Exploits 0, References 3, Affected Software 1
OSV
added 2021/10/05 2:15 p.m., 20 views

CVE-2021-39891

In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure...

CVSS 4.9, AI score 6.3, EPSS 0.00866
Exploits 0, References 2
UbuntuCve
added 2021/10/05 2:15 p.m., 16 views

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

CVSS 4.3, AI score 5.9, EPSS 0.00926
Exploits 0, References 4
CVE
added 2021/10/05 2:1 p.m., 76 views

CVE-2021-39880

CVE-2021-39880 affects the apollo_upload_server middleware in GitLab CE/EE (Ruby gem) across all affected GitLab releases: 11.9–14.0.8, 14.1.0–14.1.3, and 14.2.0–14.2.1. The issue allows a Denial of Service via specially crafted requests, denying access to all users. Upstream fixes exist in the c...

CVSS 6.5, AI score 6, EPSS 0.01328
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2021/10/05 2:1 p.m., 23 views

CVE-2021-39880

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...

CVSS 6.5, AI score 6.1, EPSS 0.01328
Exploits 0
Debian CVE
added 2021/10/05 1:41 p.m., 18 views

CVE-2021-39870

Removed by vendor...

CVSS 4.3, AI score 5.8, EPSS 0.00926
Exploits 0
CVE
added 2021/10/05 1:40 p.m., 68 views

CVE-2021-39881

GitLab CVE-2021-39881 affects GitLab CE/EE from version 7.7 onward, where an attacker can create an OAuth client with arbitrary scope names to trick users into authorizing the malicious client via spoofed scope names and descriptions. The connected sources corroborate the same vulnerability descr...

CVSS 3.5, AI score 4, EPSS 0.00847
Exploits 0, References 3, Affected Software 1
CVE
added 2021/10/05 1:38 p.m., 65 views

CVE-2021-39891

CVE-2021-39891 affects GitLab CE/EE from version 8.0 onward, where tokens created during an admin’s impersonation of a user are not cleared at the end of impersonation. This can lead to exposure of sensitive information if impersonation tokens persist. The available documents consistently describ...

CVSS 5.9, AI score 4.7, EPSS 0.00866
Exploits 0, References 2, Affected Software 1
NVD
added 2021/10/05 1:15 p.m., 10 views

CVE-2021-39872

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...

CVSS 6.5, EPSS 0.00957
Exploits 0, References 3