|
196881
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics
|
CWE-863
Incorrect Authorization
|
CVE-2021-22247
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196882
|
2.7 |
LOW
Network
|
gitlab
|
gitlab
|
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view
|
CWE-20
Improper Input Validation
|
CVE-2021-22245
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196883
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data
|
NVD-CWE-Other
|
CVE-2021-22244
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196884
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.
|
CWE-863
Incorrect Authorization
|
CVE-2021-22243
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196885
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown
|
CWE-79
Cross-site Scripting
|
CVE-2021-22242
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196886
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions befo…
|
CWE-384
Session Fixation
|
CVE-2021-22237
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196887
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
|
CWE-863
Incorrect Authorization
|
CVE-2021-22236
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196888
|
7.8 |
HIGH
Local
|
codesys
|
codesys
|
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21869
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196889
|
8.8 |
HIGH
Network
|
gpac
debian
|
gpac
debian_linux
|
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an int…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2021-21850
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196890
|
8.8 |
HIGH
Network
|
gpac
debian
|
gpac
debian_linux
|
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an int…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2021-21849
|
2024-11-21 14:49 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
