GitLab Information Disclosure Vulnerability (CNVD-2021-99767)

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, etc. An information disclosure vulnerability exists in GitLab CE/EE, which stems from an informati...

Microsoft OMI Management Interface Authentication Bypass Exploit

This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September...

python-pip: Incorrect handling of unicode separators in git references

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...

python-pip: Incorrect handling of unicode separators in git references

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-91184)

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...

UVI-2021-1001579 i40e: Fix freeing of uninitialized misc IRQ vector

i40e: Fix freeing of uninitialized misc IRQ vector This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.153 by commit...

Enalean Tuleap Open Alm SQL注入漏洞

Enalean Tuleap Open Alm is a free and open source tool from Enalean France. for end-to-end traceability of application and system development. An SQL injection vulnerability exists in Enalean Tuleap Open Alm, which stems from the fact that Tuleap does not properly clean up user input when...

Design/Logic Flaw

Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...

Central Dogma 安全漏洞

Central Dogma is an open source service configuration version control repository based on Git, ZooKeeper and HTTP/2. A security vulnerability exists in Central Dogma that allows elevation of privilege by mirroring to an internal Dogma repository with files that manage project authorizations...

CVE-2021-37548

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS...

Jetbrains JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in versions of JetBrains TeamCity...

GSD-2021-1001444 memory: fsl_ifc: fix leak of IO mapping on probe failure

memory: fslifc: fix leak of IO mapping on probe failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.276 by commit...

UVI-2021-1001340 x86/signal: Detect and prevent an alternate signal stack overflow

x86/signal: Detect and prevent an alternate signal stack overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.134 by commit...

UVI-2021-1001309 net/sched: act_skbmod: Skip non-Ethernet packets

net/sched: actskbmod: Skip non-Ethernet packets This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.136 by commit...

UVI-2021-1001108 i2c: robotfuzz-osif: fix control-request directions

i2c: robotfuzz-osif: fix control-request directions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.238 by commit...

UVI-2021-1000922 net: usb: fix possible use-after-free in smsc75xx_bind

net: usb: fix possible use-after-free in smsc75xxbind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.128 by commit...

UVI-2021-1000891 spi: bcm2835: Fix out-of-bounds access with more than 4 slaves

spi: bcm2835: Fix out-of-bounds access with more than 4 slaves This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...

Gitlab Access Control Error Vulnerability (CNVD-2021-40764)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in Gitlab th...

GSD-2021-1000703 i2c: i801: Don't generate an interrupt on bus reset

i2c: i801: Don't generate an interrupt on bus reset This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.271 by commit...

GSD-2021-1000516 RDMA/rxe: Clear all QP fields if creation failed

RDMA/rxe: Clear all QP fields if creation failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.122 by commit...