CVE-2018-3710
- EPSS 2.9%
- Veröffentlicht 21.03.2018 20:29:01
- Zuletzt bearbeitet 21.11.2024 04:05:55
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
CVE-2017-0915
- EPSS 5.71%
- Veröffentlicht 21.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:03:53
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
CVE-2017-0916
- EPSS 5.71%
- Veröffentlicht 21.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:03:53
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
CVE-2017-0917
- EPSS 1.3%
- Veröffentlicht 21.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:03:53
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
CVE-2017-0918
- EPSS 4.61%
- Veröffentlicht 21.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:03:53
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
CVE-2017-0925
- EPSS 0.9%
- Veröffentlicht 21.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:03:54
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.
CVE-2017-0926
- EPSS 1.46%
- Veröffentlicht 21.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:03:54
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
CVE-2017-18241
- EPSS 0.42%
- Veröffentlicht 21.03.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:39
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
CVE-2018-8828
- EPSS 31.34%
- Veröffentlicht 20.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:24
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_p...
CVE-2018-8822
- EPSS 0.53%
- Veröffentlicht 20.03.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:23
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicio...