Total
1780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22389 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-03 | 9.8 Critical |
| There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. | ||||
| CVE-2021-22262 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.4 Medium |
| Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page | ||||
| CVE-2021-22256 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.4 Medium |
| Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | ||||
| CVE-2021-22211 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.1 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling. | ||||
| CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.2 Medium |
| Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | ||||
| CVE-2021-22243 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5 Medium |
| Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | ||||
| CVE-2021-22239 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5 Medium |
| An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. | ||||
| CVE-2021-22209 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed. | ||||
| CVE-2021-22253 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.9 Medium |
| Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed | ||||
| CVE-2021-22247 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | ||||
| CVE-2021-22251 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings | ||||
| CVE-2021-22236 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.5 Medium |
| Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. | ||||
| CVE-2021-22186 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.9 Medium |
| An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners | ||||
| CVE-2021-22176 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests | ||||
| CVE-2021-22042 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-08-03 | 7.8 High |
| VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user. | ||||
| CVE-2021-22134 | 2 Elastic, Oracle | 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite | 2024-08-03 | 4.3 Medium |
| A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view. | ||||
| CVE-2021-22119 | 3 Oracle, Redhat, Vmware | 3 Communications Cloud Native Core Policy, Jboss Fuse, Spring Security | 2024-08-03 | 7.5 High |
| Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. | ||||
| CVE-2021-22051 | 1 Vmware | 1 Spring Cloud Gateway | 2024-08-03 | 6.5 Medium |
| Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. | ||||
| CVE-2021-22113 | 1 Vmware | 1 Spring Cloud Netflix Zuul | 2024-08-03 | 5.3 Medium |
| Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. | ||||
| CVE-2021-21725 | 1 Zte | 2 Zxhn H196q, Zxhn H196q Firmware | 2024-08-03 | 5.7 Medium |
| A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2. | ||||