CVE-2021-22210
CVE-2021-22210 affects GitLab CE/EE starting from 13.2. Root cause: API call to query repository branches ignores a query parameter, causing GitLab to return a large number of results. The issue is addressed in upstream GitLab security releases and fixed in GitLab versions 13.11.2, 13.10.4, and 1...
CVE-2021-22211
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling...
GitLab Input Validation Error Vulnerability (CNVD-2021-34555)
GitLab is a self-hosted Git version control and project repository application, developed with Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab...
CVE-2021-22211
CVE-2021-22211 affects GitLab CE/EE starting from version 13.7, where GitLab Dependency Proxy could impersonate a user under certain circumstances, potentially enabling incorrect access handling. Impacted in-the-wild behavior is described as a user impersonation vulnerability with possible access...
CVE-2021-31583
Affected software: Sipwise C5 NGCP WWW Admin (NGCP CE 3.0 era; also NGCP www_admin 3.6.7). Description and connected sources document multiple authenticated stored and reflected XSS vulnerabilities arising when input to several scripts/parameters is not properly sanitized. Confirmed vulnerable lo...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...
CVE-2021-22205
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...
CVE-2021-22205
CVE-2021-22205 affects GitLab CE/EE from version 11.9 onward. The root cause is improper validation of image files handed to a file parser, which can lead to remote code execution on the affected GitLab server. Public advisories summarize that exploitation delivers remote code execution through c...
CVE-2021-22205
Removed by vendor...
CVE-2021-22205
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. Recent assessments: jbaines-r7 at November 01, 2021 2:33pm UTC reported:...
CVE-2021-0257
On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memo...
CVE-2021-0257
CVE-2021-0257 affects Juniper Junos OS on MX Series and EX9200 Series with Trio-based MPCs where IRB interfaces are mapped to a VPLS or Bridge-Domain. The issue is a memory leak in the MPC that can lead to an out-of-memory condition and an MPC restart, causing temporary traffic interruptions. Aff...
Security Bulletin: IBM Cloud Automation Manager Content Runtime is affected by an issue with Docker before 19.03.15.
Summary: IBM Cloud Automation Manager Content Runtime is affected by an issue with Docker before 19.03.15, as described in CVE-2021-21284 and CVE-2021-21285. If you have IBM Cloud Automation Manager Content Runtime with docker engine 19.03.14 or earlier installed, upgrade it to 19.03.15...
Security Bulletin: IBM Cloud Pak for Multicloud Management Managed Service Content Runtime is affected by an issue with Docker before 19.03.15.
Summary: IBM Cloud Pak for Multicloud Management Managed Service Content Runtime is affected by an issue with Docker before 19.03.15, as described in CVE-2021-21284 and CVE-2021-21285. If you have IBM Cloud Pak for Multicloud Management Managed Service Content Runtime with docker engine 19.03.14 o...
CVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server...
CVE-2021-22197
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR having source and target branch pointing to each other...
CVE-2021-22201
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...