|
195251
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
|
CWE-863
Incorrect Authorization
|
CVE-2021-22186
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195252
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki
|
CWE-79
Cross-site Scripting
|
CVE-2021-22185
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195253
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-22179
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195254
|
5.0 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-22178
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195255
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests
|
CWE-863
Incorrect Authorization
|
CVE-2021-22176
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195256
|
7.8 |
HIGH
Local
|
huawei
|
manageone
|
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitat…
|
NVD-CWE-noinfo
|
CVE-2021-22314
|
2024-11-21 14:49 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195257
|
7.2 |
HIGH
Network
|
huawei
|
manageone
|
There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow c…
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-22311
|
2024-11-21 14:49 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195258
|
5.3 |
MEDIUM
Network
|
huawei
|
nip6300_firmware
nip6600_firmware
nip6800_firmware
s12700_firmware
s1700_firmware
s2700_firmware
s5700_firmware
s6700_firmware
s7700_firmware
s9700_firmware
secospace_us…
|
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious opera…
|
CWE-416
Use After Free
|
CVE-2021-22321
|
2024-11-21 14:49 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195259
|
7.5 |
HIGH
Network
|
huawei
|
ips_module_firmware
ngfw_module_firmware
nip6600_firmware
nip6800_firmware
secospace_usg6300_firmware
secospace_usg6500_firmware
secospace_usg6600_firmware
|
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affe…
|
NVD-CWE-noinfo
|
CVE-2021-22320
|
2024-11-21 14:49 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195260
|
4.4 |
MEDIUM
Local
|
huawei
|
nip6300_firmware
nip6600_firmware
secospace_usg6300_firmware
secospace_usg6500_firmware
secospace_usg6600_firmware
usg9500_firmware
|
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-22310
|
2024-11-21 14:49 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
