CVE-2021-22223
Removed by vendor...
CVE-2021-22232
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
CVE-2021-22226
Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...
Design/Logic Flaw
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
CVE-2021-22229
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...
Race condition
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...
CVE-2021-22226
CVE-2021-22226 affects GitLab CE/EE where, under certain conditions, users could push to protected branches restricted to deploy keys. The fixed versions are GitLab 13.11.6, 13.12.6, and 14.0.2 (the issue exists in earlier 13.x/14.x releases). Impact centers on unintended bypass of branch protect...
CVE-2021-22226
Removed by vendor...
CVE-2021-22232
CVE-2021-22232 describes an HTML injection vulnerability in GitLab CE where the full name field could be exploited. Affected are GitLab CE prior to versions 13.11.6, 13.12.6, and 14.0.2. Root cause: input in the full name field not properly sanitized. Impact: HTML injection; exact exploitation de...
CVE-2021-22232
Removed by vendor...
Denial of Service Vulnerability in EKI-1521-CE Serial Port Server Private Configuration Protocol
The EKI-1521-CE is a serial device networking server that sends private configuration protocols to device ports. A denial of service vulnerability exists in EKI-1521-CE, which can be exploited by an attacker to launch a denial of service attack...
CVE-2021-22181
A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources...
Denial of service
A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources...
CVE-2021-22181
CVE-2021-22181 affects GitLab CE/EE, with a denial-of-service risk due to a vulnerability that lets an attacker create a recursive pipeline relationship and exhaust resources in versions dating back to 11.8. Multiple connected sources (OSV, Arch Linux advisory) confirm the issue and point to upst...
CVE-2021-22181
Removed by vendor...
SUSE: Security Advisory (SUSE-SU-2019:0495-1)
The remote host is missing an update for the...
CVE-2021-22216
CVE-2021-22216 is a denial-of-service vulnerability in GitLab CE/EE that affects all versions prior to 13.12.2, 13.11.5, or 13.10.5. An attacker can cause uncontrolled resource consumption by supplying a very long issue or merge request description, potentially exhausting server resources. The is...