Gitlab Exploits

438 exploits tracked across all sources.

CVE-2017-1000117 GITLAB HIGH
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
by hrnry
CVSS 8.8
CVE-2017-1000251 GITLAB HIGH
Linux Kernel <4.14 - RCE
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.
by aseyor1
CVSS 8.0
CVE-2017-0785 GITLAB MEDIUM
Android <8.0 - Info Disclosure
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
by Dasey
CVSS 6.5
CVE-2017-1000251 GITLAB HIGH
Linux Kernel <4.14 - RCE
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.
by hhao020
CVSS 8.0
CVE-2017-8502 GITLAB HIGH
Microsoft Excel - Memory Corruption
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501.
by yongchuank
CVSS 7.8
CVE-2017-8692 GITLAB HIGH
Microsoft Windows 10 - Memory Corruption
The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Execution Vulnerability".
by yongchuank
CVSS 7.5
CVE-2017-0785 GITLAB MEDIUM
Android <8.0 - Info Disclosure
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
by glicOne
CVSS 6.5
CVE-2017-5753 GITLAB MEDIUM
Intel Atom Z < 1.1.7-6941-1 - Information Disclosure
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
by Eugnis
CVSS 5.6
CVE-2017-5715 GITLAB MEDIUM
Intel Atom C < 5.1.32 - Information Disclosure
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
by Eugnis
CVSS 5.6
CVE-2017-0785 GITLAB MEDIUM
Android <8.0 - Info Disclosure
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
by sidhex
CVSS 6.5
CVE-2017-5753 GITLAB MEDIUM
Intel Atom Z < 1.1.7-6941-1 - Information Disclosure
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
by The-Real-TechLord
CVSS 5.6
CVE-2017-5715 GITLAB MEDIUM
Intel Atom C < 5.1.32 - Information Disclosure
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
by The-Real-TechLord
CVSS 5.6
CVE-2017-3599 GITLAB HIGH
MySQL Server <5.6.35, <5.7.17 - DoS
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.
by The-Real-TechLord
CVSS 7.5
CVE-2017-15303 GITLAB HIGH
Cpuid Cpu-z < 1.42 - Out-of-Bounds Write
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).
by The-Real-TechLord
CVSS 7.8
CVE-2017-5645 GITLAB CRITICAL
Apache Log4j < 2.8.2 - Insecure Deserialization
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
by The-Real-TechLord
CVSS 9.8
CVE-2017-0199 GITLAB HIGH
Microsoft Office Word Malicious Hta Execution
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
by The-Real-TechLord
CVSS 7.8
CVE-2017-1000475 GITLAB HIGH
FreeSSHd <1.3.1 - Privilege Escalation
FreeSSHd version 1.3.1 is vulnerable to an unquoted service path issue, allowing local users to launch processes with elevated privileges.
by jlajara
CVSS 7.8
CVE-2017-0781 GITLAB HIGH
Android <8.0 - RCE
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
by anonymous.prodject
CVSS 8.8
CVE-2017-7494 GITLAB CRITICAL
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
by 0x1
CVSS 9.8
CVE-2017-5415 GITLAB MEDIUM
Firefox < 52 - SSRF
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
by 0x1
CVSS 5.3
CVE-2017-5638 GITLAB CRITICAL
Apache Struts < 2.3.32 - Improper Exception Handling
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
by philaruff
CVSS 9.8
CVE-2017-5638 GITLAB CRITICAL
Apache Struts < 2.3.32 - Improper Exception Handling
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
by HokieGeek
CVSS 9.8
CVE-2017-5638 GITLAB CRITICAL
Apache Struts < 2.3.32 - Improper Exception Handling
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
by sabley1
CVSS 9.8
CVE-2017-6008 GITLAB HIGH
Sophos Hitmanpro < 3.7.20 - Memory Corruption
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
by AntiRootkit1
CVSS 7.8
CVE-2017-11882 GITLAB HIGH
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
by Gaojianli
CVSS 7.8