|
197821
|
3.5 |
LOW
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-22193
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197822
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
|
NVD-CWE-noinfo
|
CVE-2021-22192
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197823
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
|
CWE-863
Incorrect Authorization
|
CVE-2021-22186
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197824
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki
|
CWE-79
Cross-site Scripting
|
CVE-2021-22185
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197825
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-22179
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197826
|
5.0 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-22178
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197827
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests
|
CWE-863
Incorrect Authorization
|
CVE-2021-22176
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197828
|
7.8 |
HIGH
Local
|
huawei
|
manageone
|
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitat…
|
NVD-CWE-noinfo
|
CVE-2021-22314
|
2024-11-21 14:49 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197829
|
7.2 |
HIGH
Network
|
huawei
|
manageone
|
There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow c…
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-22311
|
2024-11-21 14:49 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197830
|
5.3 |
MEDIUM
Network
|
huawei
|
nip6300_firmware
nip6600_firmware
nip6800_firmware
s12700_firmware
s1700_firmware
s2700_firmware
s5700_firmware
s6700_firmware
s7700_firmware
s9700_firmware
secospace_us…
|
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious opera…
|
CWE-416
Use After Free
|
CVE-2021-22321
|
2024-11-21 14:49 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
