Search CVE reports
1031 – 1040 of 1595 results
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | Not in release | Not in release |
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | Not in release | Not in release |
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | Not in release | Not in release |
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | Not in release | Not in release |
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | Not in release | Not in release |
git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.
1 affected package
git-big-picture
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| git-big-picture | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
1 affected package
golang-github-tidwall-gjson
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-tidwall-gjson | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Not in release |
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
1 affected package
golang-github-tidwall-gjson
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-tidwall-gjson | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Not in release |
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
1 affected package
golang-github-buger-jsonparser
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-buger-jsonparser | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.
1 affected package
golang-github-tidwall-gjson
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-tidwall-gjson | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not in release |