Search Results (34935 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22298 | 1 Huawei | 1 Manageone | 2024-11-21 | 6.5 Medium |
| There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. | ||||
| CVE-2021-22296 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.5 Medium |
| A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. | ||||
| CVE-2021-22294 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 3.3 Low |
| A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. | ||||
| CVE-2021-22292 | 1 Huawei | 2 Ecns280, Ecns280 Firmware | 2024-11-21 | 7.5 High |
| There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. | ||||
| CVE-2021-22272 | 2 Abb, Busch-jaeger | 2 Mybuildings, Mybusch-jaeger | 2024-11-21 | 6.5 Medium |
| The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch | ||||
| CVE-2021-22264 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.8 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted. | ||||
| CVE-2021-22259 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. | ||||
| CVE-2021-22258 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses | ||||
| CVE-2021-22257 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances. | ||||
| CVE-2021-22231 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. | ||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 Medium |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | ||||
| CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.9 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. | ||||
| CVE-2021-22226 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 | ||||
| CVE-2021-22215 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects | ||||
| CVE-2021-22203 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | ||||
| CVE-2021-22201 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.6 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | ||||
| CVE-2021-22200 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.9 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | ||||
| CVE-2021-22198 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. | ||||
| CVE-2021-22192 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.9 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | ||||
| CVE-2021-22188 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in GitLab were readable by an unauthorised user via branch logs. | ||||