Search CVE reports


711 – 720 of 1541 results


CVE-2022-1940

Medium priority

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab

CVE-2022-1936

Medium priority

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab

CVE-2022-1935

Medium priority

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab

CVE-2022-1821

Medium priority

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab

CVE-2022-1783

Medium priority

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab

CVE-2021-39947

Medium priority
Ignored

In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs

1 affected package

gitlab-ci-multi-runner

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab-ci-multi-runner Not in release Not in release Not in release Ignored Ignored

CVE-2021-34081

Medium priority
Needs evaluation

OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.

1 affected package

gitsome

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitsome Needs evaluation Needs evaluation Needs evaluation Ignored Ignored

CVE-2022-31022

Medium priority
Needs evaluation

Bleve is a text indexing library for Go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index...

1 affected package

golang-github-blevesearch-bleve

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-blevesearch-bleve Not in release Not in release Needs evaluation Ignored Ignored

CVE-2022-30323

Medium priority
Vulnerable

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.

2 affected packages

golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-hashicorp-go-getter Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-github-jesseduffield-go-getter Not in release Vulnerable Vulnerable Vulnerable

CVE-2022-30322

Medium priority
Vulnerable

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.

2 affected packages

golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-hashicorp-go-getter Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-github-jesseduffield-go-getter Not in release Vulnerable Vulnerable Vulnerable