Search CVE reports
711 – 720 of 1538 results
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a...
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | — |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious...
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | — |
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs
1 affected package
gitlab-ci-multi-runner
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab-ci-multi-runner | Not in release | Not in release | Needs evaluation | Needs evaluation |
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.
1 affected package
gitsome
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitsome | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index...
1 affected package
golang-github-blevesearch-bleve
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-blevesearch-bleve | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Vulnerable | Vulnerable | Vulnerable | — |
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Vulnerable | Vulnerable | Vulnerable | — |
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Vulnerable | Vulnerable | Vulnerable | — |
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Vulnerable | Vulnerable | Vulnerable | — |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42836. Reason: This candidate is a duplicate of CVE-2021-42836. Notes: All CVE users should reference CVE-2021-42836 instead of this candidate.
2 affected packages
golang-github-tidwall-gjson, telegraf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-tidwall-gjson | Not affected | Not affected | Not affected | — |
| telegraf | Not in release | Not affected | — | — |