2483 matches found
CVE-2021-22186
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners...
Authorization
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners...
CVE-2021-22186
CVE-2021-22186 is an authorization issue in GitLab CE/EE, affecting versions 9.4 and later. Affected component: group-level CI/CD variables configuration; root cause described as a permission flaw that allows a group maintainer to modify variables that should be restricted to group owners. Docum...
CVE-2021-22186
Removed by vendor...
CVE-2021-22192
CVE-2021-22192 affects GitLab CE/EE (from version 13.2 onward): an authenticated user can execute arbitrary code on the server due to unsafe/unsupported markdown rendering. Public sources describe RCE via user-controlled Markdown rendering options; OSS and security advisories confirm the vulnerab...
Gitlab CE/EE Trust Management Issue Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A trust management issue vulnerability exists in Gitlab...
CVE-2021-22189
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues...
Authentication flaw
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues...
CVE-2021-22189
Technical details about CVE-2021-22189 are not publicly provided in the connected documents. Please monitor for updates from vendors and security advisories for affected GitLab CE/EE versions and remediation guidance.
CVE-2021-22189
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues...
CVE-2021-22189
Removed by vendor...
Gitlab Trust Management Issue Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A trust management issue vulnerability exists in Gitlab...
Security Bulletin: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has been patched for various security issues in nanopb.
Summary: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has had various security issues published for nanopb. These have been patched in the latest versions of TensorFlow. Vulnerability Details: Third Party Entry: 193026 DESCRIPTION: Nanopb pbencode buffer overflow CVSS Base score: 4.8 CVSS...
Security Bulletin: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has been patched for a security issue in nanopb.
Summary: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has had various security issues published for nanopb. These have been patched in the latest versions of TensorFlow. Vulnerability Details: CVEID: CVE-2020-26243 DESCRIPTION: Nanopb is vulnerable to a denial of service, caused by a memory...
CVE-2020-26295
OpenMage (Magento CE fork) is affected in versions before 19.4.10 and 20.0.5. An administrator with permissions to import/export data and edit CMS pages could inject an executable file on the server via layout XML. The issue is fixed in 19.4.10 and 20.0.5; upgrade to these versions or later to re...
Remote code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions, an administrator with permission to update product data is able to store an executable file on the server...
CVE-2020-26252
CVE-2020-26252 affects OpenMage prior to versions 19.4.10 and 20.0.6, where an administrator with permission to update product data can store an executable file on the server and load it through layout XML, enabling remote code execution. The issue is fixed in OpenMage versions 19.4.10 and 20.0.6...
CVE-2021-0202 Junos OS: MX Series, EX9200 Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain
On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where an Integrated Routing and Bridging (IRB) interface is configured and mapped to a VPLS instance or a Bridge-Domain, certain network events at the Customer Edge (CE) device may cause memory leak...
PT-2021-4084 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 13.10.5; GitLab CE/EE versions prior to 13.11.5; GitLab CE/EE versions prior to 13.12.2. Description: The issue is related to uncontrolled resource consumption, which can be exploited by an attacker to cause a deni...
OsCommerce Phoenix CE Command Injection (CVE-2020-27976)
A command injection vulnerability exists in OsCommerce Phoenix CE. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...