Writeup Exploits
60,708 exploits tracked across all sources.
GitLab < 11.8.9, 11.9.x < 11.9.10, 11.10.x < 11.10.2 - Cross-Site Scripting via Merge Request Notification Email
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues.
CVSS 6.1
GitLab < 11.8.9, 11.9.x < 11.9.10, 11.10.x < 11.10.2 - Race Condition in Merge Request Approval
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge.
CVSS 5.3
GitLab CE 11.9.x < 11.9.10, 11.10.x < 11.10.2 - Info Disclosure
An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.
CVSS 4.3
GitLab < 11.8.9, 11.9.x < 11.9.10, 11.10.x < 11.10.2 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events.
CVSS 4.3
GitLab < 11.7.11, 11.8.x < 11.8.7, 11.9.x < 11.9.7 - Information Disclosure
An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.
CVSS 6.5
GitLab < 11.7.10, 11.8.x < 11.8.6, 11.9.x < 11.9.4 - Resource Consumption via .gitlab-ci.yml
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.
CVSS 7.5
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Open Redirect
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.
CVSS 6.1
GitLab Community/Enterprise < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Info Disclosure
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
CVSS 4.3
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Insecure Permissions in Releases Feature
An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.
CVSS 6.5
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Info Disclosure
An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing data.
CVSS 7.5
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Uncontrolled Resource Consumption
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.
CVSS 7.5
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.
CVSS 7.5
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Stored Cross-Site Scripting in Merge Request Conflicts Page
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.
CVSS 5.4
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Privilege Escalation
An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.
CVSS 6.5
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Info Disclosure
An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).
CVSS 5.3
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Incorrect Access Control for Private Project Labels
An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.
CVSS 5.4
GNU libidn2 < 2.2.0 - Domain Impersonation via Punycode Unicode Conversion Bypass
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
CVSS 7.5
bzip2 <= 1.0.6 - Out-of-bounds Write in BZ2_decompress
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVSS 9.8
Doomseeker 1.1-1.2 - Denial of Service via SRB2 Plugin IP Packet Length Handling
A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin.
CVSS 5.3
libosinfo 1.5.0 - Local Credential Exposure via Command-Line Argument
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
CVSS 7.8
Butor Portal < 1.0.27 - Path Traversal & Arbitrary File Download via WhiteLabelingServlet
Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../...&h= substring followed by a filename.
CVSS 7.5
Das U-Boot <= 2019.07 - Stack-Based Buffer Overflow in NFS Umountall Reply Handler
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVSS 9.8
Das U-Boot <= 2019.07 - Stack-Based Buffer Overflow in NFS Mount Reply Handler
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVSS 9.8
Das U-Boot <= 2019.07 - Stack-Based Buffer Overflow in NFS Readlink Reply Handler
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVSS 9.8
Das U-Boot <= 2019.07 - Stack-Based Buffer Overflow in NFS Lookup Reply Handler
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVSS 9.8