Search CVE reports
781 – 790 of 1533 results
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone...
1 affected package
git
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| git | — | Ignored | Ignored | Ignored |
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2,...
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | — |
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
1 affected package
gitea
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitea | — | — | — | — |
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries...
1 affected package
golang-github-graph-gophers-graphql-go
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-graph-gophers-graphql-go | Not affected | Not affected | Needs evaluation | — |
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | — |