CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2021/12/13 4:15 p.m.•17 views

Design/Logic Flaw

5CVSS7.3AI score0.30496EPSS

UbuntuCve•added 2021/12/13 4:15 p.m.•18 views

CVE-2021-39938

A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...

6.5CVSS6.6AI score0.00892EPSS

Exploits0References1

Prion•added 2021/12/13 4:15 p.m.•15 views

Design/Logic Flaw

4CVSS6.4AI score0.00892EPSS

Exploits0References2Affected Software1

Debian CVE•added 2021/12/13 3:47 p.m.•20 views

CVE-2021-39935

Removed by vendor...

7.5CVSS7.3AI score0.30496EPSS

Cvelist•added 2021/12/13 3:47 p.m.•17 views

CVE-2021-39932

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing co...

4.3CVSS5.1AI score0.0086EPSS

Exploits0References2

Debian CVE•added 2021/12/13 3:47 p.m.•21 views

CVE-2021-39932

Removed by vendor...

4.3CVSS5.8AI score0.0086EPSS

Cvelist•added 2021/12/13 3:47 p.m.•15 views

CVE-2021-39934

Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2...

4.3CVSS5AI score0.00906EPSS

Debian CVE•added 2021/12/13 3:47 p.m.•21 views

CVE-2021-39934

Removed by vendor...

4.3CVSS5.8AI score0.00906EPSS

CVE•added 2021/12/13 3:47 p.m.•55 views

CVE-2021-39915

CVE-2021-39915: GitLab CE/EE GraphQL API has improper access control that lets an attacker view the names of project access tokens on arbitrary projects. Affected: GitLab versions starting from 13.0 up to before 14.3.6, 14.4 before 14.4.4, and 14.5 before 14.5.2. Remediation per sources is to upg...

5.3CVSS5.3AI score0.01134EPSS

CVE•added 2021/12/13 3:47 p.m.•60 views

CVE-2021-39938

CVE-2021-39938 : A vulnerable regular expression in GitLab CE/EE allows DoS via specially crafted deploy slash commands. Affected versions: GitLab CE/EE 8.15 before 14.3.6; starting from 14.4 before 14.4.4; starting from 14.5 before 14.5.2. Remediation available by upgrading to patched releases (...

6.5CVSS6.3AI score0.00892EPSS

Exploits0References2Affected Software1

Debian CVE•added 2021/12/13 3:47 p.m.•25 views

CVE-2021-39938

Removed by vendor...

6.5CVSS6.6AI score0.00892EPSS

CVE•added 2021/12/13 3:47 p.m.•65 views

CVE-2021-39945

CVE-2021-39945 affects GitLab CE/EE API. A bug in access control allows an author of a Merge Request to approve the MR even after their project access is revoked, across GitLab versions: 9.4–14.3.6, 14.4–14.4.3, and 14.5–14.5.1. Root cause is improper access restriction in the Merge Request appro...

4CVSS3.7AI score0.00908EPSS

Cvelist•added 2021/12/13 3:47 p.m.•18 views

CVE-2021-39944

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege ...

7.1CVSS7AI score0.00916EPSS

GithubExploit•added 2021/11/25 12:47 p.m.•617 views

Exploit for Code Injection in Gitlab

Golang-CVE-2021-22205-POC A bare bones CVE-2021-22205 Gitlab R...

10CVSS9.2AI score0.99981EPSS

Exploits57

NVD•added 2021/11/05 12:15 a.m.•11 views

CVE-2021-39912

A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion...

5.3CVSS0.01437EPSS

NVD•added 2021/11/05 12:15 a.m.•11 views

CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

4.3CVSS0.00944EPSS

NVD•added 2021/11/05 12:15 a.m.•15 views

CVE-2021-39895

In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure...

6CVSS0.00984EPSS