Total
32325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22258 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses | |||||
| CVE-2021-22257 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances. | |||||
| CVE-2021-22231 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. | |||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 4.9 MEDIUM |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | |||||
| CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. | |||||
| CVE-2021-22226 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 | |||||
| CVE-2021-22215 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects | |||||
| CVE-2021-22203 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | |||||
| CVE-2021-22201 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 9.6 CRITICAL |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | |||||
| CVE-2021-22200 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | |||||
| CVE-2021-22198 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. | |||||
| CVE-2021-22192 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | |||||
| CVE-2021-22188 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs. | |||||
| CVE-2021-22167 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository | |||||
| CVE-2021-22154 | 1 Blackberry | 1 Unified Endpoint Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history. | |||||
| CVE-2021-22112 | 3 Oracle, Pivotal Software, Vmware | 8 Communications Element Manager, Communications Interactive Session Recorder, Communications Unified Inventory Management and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. | |||||
| CVE-2021-22060 | 2 Oracle, Vmware | 3 Communications Cloud Native Core Console, Communications Cloud Native Core Service Communication Proxy, Spring Framework | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. | |||||
| CVE-2021-22057 | 2 Linux, Vmware | 2 Linux Kernel, Workspace One Access | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. | |||||
| CVE-2021-22048 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | |||||
| CVE-2021-22041 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | |||||