Search CVE reports
791 – 800 of 1541 results
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
1 affected package
gitea
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitea | — | — | — | — | — |
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| golang-code.gitea-sdk | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| golang-code.gitea-sdk | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| golang-code.gitea-sdk | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous, especially with state-altering POST requests.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| golang-code.gitea-sdk | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| golang-code.gitea-sdk | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries...
1 affected package
golang-github-graph-gophers-graphql-go
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-graph-gophers-graphql-go | Not affected | Not affected | Not affected | Ignored | — |
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group due to incorrect handling of a file.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | — |
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read...
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | — |
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site...
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | — |