Количество 5 545
Количество 5 545
CVE-2021-39877
A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
CVE-2021-39877
A vulnerability was discovered in GitLab starting with version 12.2 th ...
CVE-2021-39876
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.
CVE-2021-39876
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.
CVE-2021-39876
In all versions of GitLab CE/EE since version 11.3, the endpoint for a ...
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to ...
CVE-2021-39874
In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
CVE-2021-39874
In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
CVE-2021-39874
In all versions of GitLab CE/EE since version 11.0, the requirement to ...
CVE-2021-39873
In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.
CVE-2021-39873
In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.
CVE-2021-39873
In all versions of GitLab CE/EE, there exists a content spoofing vulne ...
CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access ...
CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that h ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-39877 A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. | CVSS3: 7.7 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39877 A vulnerability was discovered in GitLab starting with version 12.2 th ... | CVSS3: 7.7 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-39876 In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. | CVSS3: 4.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-39876 In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. | CVSS3: 4.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-39876 In all versions of GitLab CE/EE since version 11.3, the endpoint for a ... | CVSS3: 4.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-39875 In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. | CVSS3: 5.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39875 In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. | CVSS3: 5.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39875 In all versions of GitLab CE/EE since version 13.6, it is possible to ... | CVSS3: 5.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39874 In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39874 In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39874 In all versions of GitLab CE/EE since version 11.0, the requirement to ... | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39873 In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39873 In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39873 In all versions of GitLab CE/EE, there exists a content spoofing vulne ... | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39872 In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration. | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39872 In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration. | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39872 In all versions of GitLab CE/EE since version 14.1, an improper access ... | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39871 In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39871 In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-39871 In all versions of GitLab CE/EE since version 13.0, an instance that h ... | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу