Log

AVG-2048 created at 08 Jun 2021 20:11:32
Packages
+ ming
Issues
+ CVE-2021-34338
+ CVE-2021-34339
+ CVE-2021-34340
+ CVE-2021-34341
+ CVE-2021-34342
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 0.4.8.r68.g04aee523-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-34340 created at 08 Jun 2021 20:11:32
AVG-2048 created at 08 Jun 2021 20:11:32
Packages
+ ming
Issues
+ CVE-2021-34338
+ CVE-2021-34339
+ CVE-2021-34340
+ CVE-2021-34341
+ CVE-2021-34342
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 0.4.8.r68.g04aee523-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-34339 created at 08 Jun 2021 20:11:32
AVG-2048 created at 08 Jun 2021 20:11:32
Packages
+ ming
Issues
+ CVE-2021-34338
+ CVE-2021-34339
+ CVE-2021-34340
+ CVE-2021-34341
+ CVE-2021-34342
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 0.4.8.r68.g04aee523-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-34342 created at 08 Jun 2021 20:11:32
AVG-2048 created at 08 Jun 2021 20:11:32
Packages
+ ming
Issues
+ CVE-2021-34338
+ CVE-2021-34339
+ CVE-2021-34340
+ CVE-2021-34341
+ CVE-2021-34342
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 0.4.8.r68.g04aee523-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-34341 created at 08 Jun 2021 20:11:32
AVG-2047 created at 08 Jun 2021 17:12:11
Packages
+ dotnet-runtime-3.1
+ dotnet-sdk-3.1
Issues
+ CVE-2021-31957
Status
+ Vulnerable
Severity
+ Medium
Affected
+ 3.1.15.sdk115-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2046 edited at 08 Jun 2021 17:10:58
Severity
- Unknown
+ Medium
CVE-2021-31957 edited at 08 Jun 2021 17:10:58
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.7 and SDK 5.0.204 as well as .NET Core 3.1 before Runtime 3.1.16 and SDK 3.1.116 in ASP.NET.
References
+ https://github.com/dotnet/announcements/issues/189
Notes
AVG-2046 created at 08 Jun 2021 17:07:37
Packages
+ dotnet-runtime
+ dotnet-sdk
Issues
+ CVE-2021-31957
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 5.0.6.sdk203-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-31957 created at 08 Jun 2021 17:07:37
AVG-2045 created at 08 Jun 2021 17:02:09
Packages
+ gitlab
Issues
+ CVE-2021-22215
Status
+ Not affected
Severity
+ High
Affected
+ 13.11.3-1
Fixed
+ 13.12.2-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-22220 edited at 08 Jun 2021 17:01:33
Description
- An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored cross-site scripting (XSS) attack in blob viewer of notebooks.
+ An issue has been discovered in GitLab affecting all versions starting with 13.10 before 13.12.2. GitLab was vulnerable to a stored cross-site scripting (XSS) attack in blob viewer of notebooks.
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/294128
https://hackerone.com/reports/1060114
CVE-2021-22219 edited at 08 Jun 2021 17:01:21
Description
- GitLab CE/EE since version 9.5 allows a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
+ GitLab CE/EE since version 9.5 before 13.12.2 allows a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/296995