2483 matches found

Positive Technologies
added 2025/01/08 12:0 a.m. · 2 views

PT-2025-1844 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.5 through 17.5.5; GitLab CE/EE versions 17.6 through 17.6.3; GitLab CE/EE versions 17.7 through 17.7.1. Description: An issue was discovered in GitLab CE/EE where unauthorized users could manipulate the status of issues ...

CVSS 4.3 · AI score 5.9 · EPSS 0.00415
Exploits: 1 · References: 16

Positive Technologies
added 2025/01/08 12:0 a.m. · 3 views

PT-2025-1087 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.4 through 17.5.5; GitLab CE/EE versions 17.6 through 17.6.3; GitLab CE/EE versions 17.7 through 17.7.1. Description: The issue is related to the incorrect management of user actions in GitLab CE/EE, which can allow a...

CVSS 5.4 · AI score 6.3 · EPSS 0.00272
Exploits: 1 · References: 15

Vulnrichment
added 2024/12/16 4:31 a.m. · 17 views

CVE-2024-8116 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names...

CVSS 5.3 · AI score 6.6 · EPSS 0.0041
Exploits: 1 · References: 2

CVE
added 2024/12/12 12:3 p.m. · 657 views

CVE-2024-8179

CVE-2024-8179 affects GitLab CE/EE, specifically versions 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. The issue is caused by improper output encoding that can lead to cross-site scripting (XSS) if CSP is not enabled. The vulnerability is scoped to the web page generation path ...

CVSS 5.4 · AI score 5.1 · EPSS 0.00317
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/12/12 12:3 p.m. · 8 views

CVE-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...

CVSS 5.4 · AI score 5.9 · EPSS 0.00317
Exploits: 0 · References: 5

Cvelist
added 2024/12/12 12:2 p.m. · 16 views

CVE-2024-9367 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate...

CVSS 4.3 · EPSS 0.00465
Exploits: 1 · References: 2

Debian CVE
added 2024/12/12 12:2 p.m. · 9 views

CVE-2024-9367

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00465
Exploits: 1

Debian CVE
added 2024/12/12 12:2 p.m. · 7 views

CVE-2024-9387

Removed by vendor...

CVSS 6.4 · AI score 5.8 · EPSS 0.00373
Exploits: 1

Debian CVE
added 2024/12/12 11:30 a.m. · 14 views

CVE-2024-12292

Removed by vendor...

CVSS 4 · AI score 5.8 · EPSS 0.00212
Exploits: 0

Positive Technologies
added 2024/12/11 12:0 a.m. · 4 views

PT-2024-9582 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 through 17.4.6; GitLab CE/EE versions 17.5 through 17.5.4; GitLab CE/EE versions 17.6 through 17.6.2. Description: The issue affects GitLab CE/EE and is related to an uncontrolled resource consumption. An attacker could...

CVSS 7.8 · AI score 6.9 · EPSS 0.0075
Exploits: 1 · References: 16

Positive Technologies
added 2024/12/11 12:0 a.m. · 5 views

PT-2024-9581 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1 through 17.4.6; GitLab CE/EE versions 17.5 through 17.5.4; GitLab CE/EE versions 17.6 through 17.6.2. Description: An issue was discovered in GitLab CE/EE where the injection of Network Error Logging (NEL) headers in the...

CVSS 8.7 · AI score 6.1 · EPSS 0.00463
Exploits: 1 · References: 24

SUSE Linux
added 2024/12/05 2:58 p.m. · 5 views

Security update for docker-stable

This update for docker-stable fixes the following issues: Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. Update --add-runtime to point to correct binary path. Further merge docker and...

CVSS 9.9 · AI score 7.2 · EPSS 0.16496
Exploits: 0 · References: 18

OSV
added 2024/11/28 7:21 p.m. · 134 views

BIT-GITLAB-2024-11828 Inefficient Algorithmic Complexity in GitLab

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...

CVSS 7.5 · AI score 5.3 · EPSS 0.00583
Exploits: 0 · References: 3

OSV
added 2024/11/28 7:11 p.m. · 120 views

BIT-GITLAB-2024-8177 Inefficient Algorithmic Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry...

CVSS 7.5 · AI score 5.7 · EPSS 0.00571
Exploits: 0 · References: 3

OSV
added 2024/11/28 7:10 p.m. · 15 views

BIT-GITLAB-2024-8237 Inefficient Algorithmic Complexity in GitLab

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file...

CVSS 7.5 · AI score 6.3 · EPSS 0.00611
Exploits: 0 · References: 3

NVD
added 2024/11/26 7:15 p.m. · 20 views

CVE-2024-8237

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file...

CVSS 7.5 · EPSS 0.00611
Exploits: 0 · References: 2

Vulnrichment
added 2024/11/26 6:41 p.m. · 13 views

CVE-2024-11828 Inefficient Algorithmic Complexity in GitLab

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...

CVSS 4.3 · AI score 6.5 · EPSS 0.00583
Exploits: 0 · References: 2

Debian CVE
added 2024/11/26 6:41 p.m. · 6 views

CVE-2024-11669

Removed by vendor...

CVSS 7.5 · AI score 5.8 · EPSS 0.00504
Exploits: 0

Debian CVE
added 2024/11/26 6:31 p.m. · 19 views

CVE-2024-8114

Removed by vendor...

CVSS 8.8 · AI score 5.8 · EPSS 0.00684
Exploits: 0

Debian CVE
added 2024/11/26 6:31 p.m. · 11 views

CVE-2024-8177

Removed by vendor...

CVSS 7.5 · AI score 5.8 · EPSS 0.00571
Exploits: 0