» 2022 » 4월

CVE-2022-0740

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-0740

Incorrect authorization in the Asana integration’s branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.

Source: CVE-2022-0740

CVE-2021-33010

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2021-33010

An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.

Source: CVE-2021-33010

CVE-2022-1099

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1099

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab

Source: CVE-2022-1099

CVE-2022-1162

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

Source: CVE-2022-1162

CVE-2021-36826

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2021-36826

Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager (WordPress plugin) versions <= 2.4.13.

Source: CVE-2021-36826

CVE-2021-33008

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2021-33008

AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.

Source: CVE-2021-33008

CVE-2022-1100

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1100

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

Source: CVE-2022-1100

CVE-2021-32994

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2021-32994

Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don’t properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.

Source: CVE-2021-32994

CVE-2022-1111

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1111

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the ‘Access Granted’ column in the project membership pages

Source: CVE-2022-1111

CVE-2022-1120

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.

Source: CVE-2022-1120