[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250039

 
 

909

 
 

195882

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15151 Download | Alert*

The host is installed with GitLab EE 14.3 before 16.0.8, 16.1 before 16.1.3, or 16.2 before 16.2.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow attackers to log access tokens when a query was made to a specific endpoint.

The host is installed with GitLab EE 14.3 before 16.0.8, 16.1 before 16.1.3, or 16.2 before 16.2.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow attackers to log access tokens when a query was made to a specific endpoint.

The host is installed with GitLab CE/EE 16.1 before 16.1.3, or 16.2 before 16.2.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an invalid 'start_sha' value on merge requests page. Successful exploitation could allow attackers to cause denial of service as Changes tab would not load.

The host is installed with GitLab CE/EE 16.1 before 16.1.3, or 16.2 before 16.2.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an invalid 'start_sha' value on merge requests page. Successful exploitation could allow attackers to cause denial of service as Changes tab would not load.

MediaWiki PandocUpload Extension Remote Code Execution Vulnerability. An authenticated attacker could exploit this vulnerability by uploading a file with the destination name as a malicious payload due to shell arguments not being properly escaped. When successfully exploited this could allow the malicious actor to perform remote code execution.

The host is installed with GitLab CE/EE 10.0 before 16.0.8, 16.1 before 16.1.3, or 16.2 before 16.2.2 and is prone to a reflected XSS vulnerability. A flaw is present in the application, which fails to properly handle an issue when creating specific PlantUML diagrams. Successful exploitation could allow attackers to perform arbitrary actions on behalf of victims through a reflected XSS.

The host is installed with GitLab CE/EE 10.0 before 16.0.8, 16.1 before 16.1.3, or 16.2 before 16.2.2 and is prone to a reflected XSS vulnerability. A flaw is present in the application, which fails to properly handle an issue when creating specific PlantUML diagrams. Successful exploitation could allow attackers to perform arbitrary actions on behalf of victims through a reflected XSS.

The host is installed with GitLab CE/EE 15.3 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an improper control of resource identifiers. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to merge arbitrary code into protected branches.

The host is installed with GitLab CE/EE 15.3 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an improper control of resource identifiers. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to merge arbitrary code into protected branches.

The host is installed with GitLab CE/EE 10.3 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an uncontrolled resource consumption. A flaw is present in the application, which fails to properly handle crafted payloads to the preview_markdown endpoint. Successful exploitation could allow remote attackers to cause regular expression denial of service.


Pages:      Start    919    920    921    922    923    924    925    926    927    928    929    930    931    932    ..   1515

© SecPod Technologies