|
257121
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-0923
|
2024-11-21 12:03 |
2018-03-22 |
|
257122
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
|
CWE-863
Incorrect Authorization
|
CVE-2017-0922
|
2024-11-21 12:03 |
2018-03-22 |
|
257123
|
8.8 |
HIGH
Network
|
gitlab debian
|
gitlab debian_linux
|
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
|
CWE-22
Path Traversal
|
CVE-2017-0918
|
2024-11-21 12:03 |
2018-03-22 |
|
257124
|
6.1 |
MEDIUM
Network
|
gitlab debian
|
gitlab debian_linux
|
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
|
CWE-79 CWE-20
Cross-site Scripting Improper Input Validation
|
CVE-2017-0917
|
2024-11-21 12:03 |
2018-03-22 |
|
257125
|
9.8 |
CRITICAL
Network
|
gitlab debian
|
gitlab debian_linux
|
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
|
CWE-20
Improper Input Validation
|
CVE-2017-0916
|
2024-11-21 12:03 |
2018-03-22 |
|
257126
|
9.8 |
CRITICAL
Network
|
gitlab debian
|
gitlab debian_linux
|
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
|
CWE-20
Improper Input Validation
|
CVE-2017-0915
|
2024-11-21 12:03 |
2018-03-22 |
|
257127
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's d…
|
CWE-89
SQL Injection
|
CVE-2017-0914
|
2024-11-21 12:03 |
2018-03-22 |
|
257128
|
5.4 |
MEDIUM
Network
|
twitter
|
twitter_kit
|
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step …
|
CWE-287
Improper Authentication
|
CVE-2017-0911
|
2024-11-21 12:03 |
2018-02-10 |
|
257129
|
7.5 |
HIGH
Network
|
google
|
android
|
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a cr…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-0855
|
2024-11-21 12:03 |
2018-01-13 |
|
257130
|
7.5 |
HIGH
Network
|
google
|
android
|
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.
|
CWE-200
Information Exposure
|
CVE-2017-0846
|
2024-11-21 12:03 |
2018-01-13 |