CVE-2021-39895

MEDIUM Year: 2021
CVSS v3 Score
4.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.

Related Vulnerabilities

CVE-2016-3429

MEDIUM
CVSS:4.5(Medium)

Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidential...

NVD-CWE-Other2016

CVE-2016-8287

MEDIUM
CVSS:4.5(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.

NVD-CWE-Other2016

CVE-2017-10003

MEDIUM
CVSS:4.5(Medium)

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability a...

NVD-CWE-Other2017

CVE-2017-15525

MEDIUM
CVSS:4.5(Medium)

Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or...

NVD-CWE-Other2017

CVE-2018-21142

MEDIUM
CVSS:4.5(Medium)

Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 b...

NVD-CWE-Other2018

CVE-2018-21159

MEDIUM
CVSS:4.5(Medium)

NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect configuration of security settings.

NVD-CWE-Other2018