11187 matches found

OSV
added 2021/08/25 7:15 p.m. · 0 views

UBUNTU-CVE-2021-22256

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...

CVSS 5.4 · AI score 5.8 · EPSS 0.00226
Exploits 0 · References 5

CVE
added 2021/08/25 6:30 p.m. · 57 views

CVE-2021-22256

CVE-2021-22256 concerns GitLab CE/EE: improper authorization allowed guest users to create issues for Sentry errors and track status, affecting all versions since 12.6. Public records from Red Hat, OSV, NVD and related feeds confirm the issue exists in GitLab CE/EE and has concrete exploitation c...

CVSS 5.5 · AI score 5.1 · EPSS 0.00226
Exploits 0 · References 3 · Affected Software 1

Debian CVE
added 2021/08/25 6:30 p.m. · 19 views

CVE-2021-22256

Removed by vendor...

CVSS 5.5 · AI score 6 · EPSS 0.00226
Exploits 0

Cvelist
added 2021/08/25 6:30 p.m. · 16 views

CVE-2021-22256

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...

CVSS 5.4 · AI score 5.4 · EPSS 0.00226
Exploits 0 · References 3

CloudLinux
added 2021/08/25 2:44 p.m. · 41 views

Fix of CVE: CVE-2020-14058, CVE-2020-15049

- CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service
- CVE-2020-15049: fix incorrect validation of Content-Length field leading to HTTP smuggling and poisoning attack...

CVSS 9.9 · AI score 2.3 · EPSS 0.15653
Exploits 0 · References 1

BDU FSTEC
added 2021/08/25 12:00 a.m. · 1 view

The vulnerability of Google Chrome web browser’s animation implementation allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Google Chrome web browser’s animation implementation is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by opening a specially created...

CVSS 9.4 · EPSS 0.00571
Exploits 1 · References 7 · Affected Software 2

BDU FSTEC
added 2021/08/25 12:00 a.m. · 1 view

The vulnerability of the WebAudio component in the Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome’s WebAudio component is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...

CVSS 10 · EPSS 0.01514
Exploits 1 · References 10 · Affected Software 4

BDU FSTEC
added 2021/08/25 12:00 a.m. · 1 view

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type confusion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created website...

CVSS 10 · EPSS 0.0189
Exploits 1 · References 9 · Affected Software 4

BDU FSTEC
added 2021/08/25 12:00 a.m. · 0 views

The vulnerability of the unlink() function in the content management system CSZ CMS allows a hacker to delete any files they desire.

The vulnerability of the unlink function in the CSZ CMS content management system is related to errors in resource release. Exploiting this vulnerability could allow a remote attacker to delete arbitrary files...

CVSS 6.8 · EPSS 0.00289
Exploits 1 · References 5 · Affected Software 1

BDU FSTEC
added 2021/08/25 12:00 a.m. · 0 views

The vulnerability of the `notifyProfileAdded` and `notifyProfileRemoved` functions in the Android operating system allows a hacker to disclose protected information.

The vulnerability of the notifyProfileAdded and notifyProfileRemoved functions in the SipService.java file of the Android operating system is related to authentication errors. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these functions...

CVSS 5.5 · EPSS 0.00054
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2021/08/24 12:00 a.m. · 3 views

PT-2021-18929 · Apple · iOS +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15; iPadOS versions prior to 15. Description: A logic issue existed in the handling of document loads, which was addressed with improved state management. Previewing an HTML file attached to a note may unexpectedly contact...

CVSS 6.5 · AI score 5.8 · EPSS 0.0025
Exploits 0 · References 3

OSV
added 2021/08/23 1:15 p.m. · 1 view

DEBIAN-CVE-2021-3694

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

CVSS 9.6 · AI score 7.3 · EPSS 0.00252
Exploits 0 · References 1

Positive Technologies
added 2021/08/23 12:00 a.m. · 3 views

PT-2021-6600 · GitLab · GitLab CE/EE +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.2 and later. Description: A verbose error message in GitLab EE could disclose the private email address of a user invited to a group. This issue affects all versions since 12.2 and allows a remote attacker to access...

CVSS 4.3 · AI score 4.2 · EPSS 0.00274
Exploits 0 · References 16

OSV
added 2021/08/20 8:47 a.m. · 4 views

SUSE-SU-2021:2802-1 Security update for libmspack

This update for libmspack fixes the following issues:
- CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. bsc1103032
- CVE-2018-14682: There is an off-by-one error in the TOLOWER macro for CHM decompression. bsc1103032
- CVE-2018-14679: There is an off-by-on...

CVSS 8.8 · AI score 7.3 · EPSS 0.04428
Exploits 0 · References 5

BDU FSTEC
added 2021/08/20 12:00 a.m. · 0 views

The vulnerability of the CmpGateway component in the Codesys V3 Runtime System software suite allows an intruder to trigger a service failure.

The vulnerability of the CmpGateway component in the Codesys V3 Runtime System software suite is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to trigger a service failure using a specially crafted TCP packet...

CVSS 7.8 · EPSS 0.00243
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2021/08/20 12:00 a.m. · 0 views

The vulnerability of the Bash command shell, related to pointer arithmetic errors, allows attackers to compromise data integrity and cause service failures.

The vulnerability of the Bash command shell is related to errors due to incorrect command sequencing. Exploiting this vulnerability allows a remote attacker to compromise data integrity and cause service failures...

CVSS 8.5 · AI score 5.6
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2021/08/18 12:00 a.m. · 1 view

The vulnerability of the Microsoft Exchange Server mail server, related to errors in code generation, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to errors in code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9.4 · EPSS 0.94212
Exploits 16 · References 5

BDU FSTEC
added 2021/08/18 12:00 a.m. · 2 views

The vulnerability of Microsoft Exchange Server’s mail server, related to privilege management errors, allows a hacker to elevate their privileges.

The vulnerability of Microsoft Exchange Server is related to privilege management errors. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.7 · EPSS 0.93998
Exploits 10 · References 5

Oracle Linux
added 2021/08/17 12:00 a.m. · 99 views

qemu security update

15:4.2.1-11.el7
- pvrdma: Fix the ring init error flow CVE-2021-3608 Marcel Apfelbaum Orabug: 33120142 CVE-2021-3608
- pvrdma: Ensure correct input on ring init CVE-2021-3607 Marcel Apfelbaum Orabug: 33120146 CVE-2021-3607
- hw/rdma: Fix possible mremap overflow in the pvrdma device CVE-2021-3582...

CVSS 8.2 · AI score 1 · EPSS 0.00173
Exploits 2

CNVD
added 2021/08/16 12:00 a.m. · 23 views

Google TensorFlow code issue vulnerability (CNVD-2021-64531)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from the fact that the SVDF implementation in TFLite is vulnerable to a null pointer error in the affected version. An attacker could...

CVSS 7.8 · AI score 3.9 · EPSS 0.00037
Exploits 0 · References 1