CVE-2022-2417

MEDIUM Year: 2022
CVSS v3 Score
4.5
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.

Related Vulnerabilities

CVE-2017-10897

MEDIUM
CVSS:4.5(Medium)

Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified ve...

CWE-202017

CVE-2018-21141

MEDIUM
CVSS:4.5(Medium)

Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 b...

CWE-202018

CVE-2020-15936

MEDIUM
CVSS:4.5(Medium)

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information...

CWE-202020

CVE-2015-5208

MEDIUM
CVSS:4.4(Medium)

Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.

CWE-202015

CVE-2015-6839

MEDIUM
CVSS:4.6(Medium)

The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RF...

CWE-202015

CVE-2015-7509

MEDIUM
CVSS:4.4(Medium)

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

CWE-202015