CVE-2021-22192
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
Source: CVE-2021-22192
[월:] 2021년 03월
CVE-2021-22193
CVE-2021-22193
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
Source: CVE-2021-22193
CVE-2021-22179
CVE-2021-22179
A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature.
Source: CVE-2021-22179
CVE-2020-15809
CVE-2020-15809
spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.
Source: CVE-2020-15809
CVE-2021-22178
CVE-2021-22178
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
Source: CVE-2021-22178
CVE-2020-7839
CVE-2020-7839
In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability caused by improper input validation checks when parsing brokerCommand parameter.
Source: CVE-2020-7839
CVE-2021-22176
CVE-2021-22176
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests
Source: CVE-2021-22176
CVE-2019-19354
CVE-2019-19354
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Source: CVE-2019-19354
CVE-2019-19352
CVE-2019-19352
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Source: CVE-2019-19352
CVE-2019-19353
CVE-2019-19353
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Source: CVE-2019-19353