|
199431
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project for…
|
NVD-CWE-noinfo
|
CVE-2021-22200
|
2024-11-21 14:49 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199432
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.
|
NVD-CWE-noinfo
|
CVE-2021-22198
|
2024-11-21 14:49 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199433
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and targe…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2021-22197
|
2024-11-21 14:49 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199434
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch nam…
|
CWE-79
Cross-site Scripting
|
CVE-2021-22196
|
2024-11-21 14:49 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199435
|
9.1 |
CRITICAL
Network
|
vmware
|
carbon_black_cloud_workload
|
VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMwa…
|
CWE-287
Improper Authentication
|
CVE-2021-21982
|
2024-11-21 14:49 |
2021-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199436
|
7.8 |
HIGH
Local
|
gitlab
|
gitlab-vscode-extension
|
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2021-22195
|
2024-11-21 14:49 |
2021-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199437
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22177
|
2024-11-21 14:49 |
2021-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199438
|
6.5 |
MEDIUM
Network
|
vmware
|
cloud_foundation
vrealize_suite_lifecycle_manager
vrealize_operations_manager
|
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager A…
|
NVD-CWE-noinfo
|
CVE-2021-21983
|
2024-11-21 14:49 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199439
|
7.5 |
HIGH
Network
|
vmware
|
cloud_foundation
vrealize_suite_lifecycle_manager
vrealize_operations_manager
|
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Serve…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-21975
|
2024-11-21 14:49 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199440
|
4.4 |
MEDIUM
Local
|
gitlab
|
gitlab
|
In all versions of GitLab, marshalled session keys were being stored in Redis.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-22194
|
2024-11-21 14:49 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
