|
196711
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions…
|
CWE-863
Incorrect Authorization
|
CVE-2021-22253
|
2024-11-21 14:49 |
2021-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196712
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers
|
NVD-CWE-Other
|
CVE-2021-22252
|
2024-11-21 14:49 |
2021-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196713
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings
|
CWE-863
Incorrect Authorization
|
CVE-2021-22251
|
2024-11-21 14:49 |
2021-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196714
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-22249
|
2024-11-21 14:49 |
2021-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196715
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pi…
|
NVD-CWE-Other
|
CVE-2021-22248
|
2024-11-21 14:49 |
2021-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196716
|
9.8 |
CRITICAL
Network
|
att
|
xmill
|
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath:…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21828
|
2024-11-21 14:49 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196717
|
9.8 |
CRITICAL
Network
|
att
|
xmill
|
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of a…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21827
|
2024-11-21 14:49 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196718
|
9.8 |
CRITICAL
Network
|
att
|
xmill
|
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of a…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21826
|
2024-11-21 14:49 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196719
|
6.5 |
MEDIUM
Network
|
baserow
|
baserow
|
SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-22255
|
2024-11-21 14:49 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196720
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2021-22254
|
2024-11-21 14:49 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
