593 matches found
PT-2025-6519 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 through 17.6.4 GitLab CE/EE versions 17.7 through 17.7.3 GitLab CE/EE versions 17.8 through 17.8.1 Description: A denial of service vulnerability exists in GitLab CE/EE. An attacker can impact the availability of...
2N OS 安全漏洞
2N OS is an operating system for access control systems from 2N. A security vulnerability exists in 2N OS that stems from an unfiltered authentication token when logging is enabled. An attacker could exploit the vulnerability to obtain a valid token...
CVE-2022-46156
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...
CVE-2024-21638
Azure IPAM IP Address Management is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assign...
CVE-2024-23657
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...
CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...
CVE-2024-52329
CVE-2024-52329 affects ECOVACS HOME mobile app plugins for specific robots, where TLS certificate validation is not properly performed. The underlying issue allows an unauthenticated attacker to read or modify TLS traffic and to obtain authentication tokens. The entry provides CVSS data indicatin...
ECOVACS HOME mobile app plugins 信任管理问题漏洞
The ECOVACS HOME mobile app plugins is a mobile app plugin from ECOVACS, China. A security vulnerability exists in the ECOVACS HOME mobile app plugins that stems from the mobile app plugin not properly validating TLS certificates. An unauthenticated attacker could read or modify TLS traffic and...
Arista NG Firewall 安全漏洞
Arista NG Firewall is a WEB firewall from Arista Corporation. A security vulnerability exists in Arista NG Firewall that originates from a user with administrator privileges being able to retrieve an authentication token...
CVE-2024-40762
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass...
PT-2026-2881
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the SUNRPC component, specifically in the svcauth gss function related to handling zero-length gss token values during the gss read proxy verf...
Mozilla: Netlify Authentication Token Exposed in Public Mozilla CI Logs
A critical vulnerability was discovered involving the exposure of a Netlify authentication token within publicly accessible logs. The token provided full access to the "Mozilla IT Web SRE" Netlify account, bypassing all restrictions. The token's permissions encompassed roles such as Owner,...
Authentication Token Leakage
github.com/cli/go-gh is vulnerable to authentication token leakage. The vulnerability is due to improper handling of authentication tokens, where auth.TokenForHost could source a token from the GITHUBTOKEN environment variable for non-GitHub hosts within a codespace...
Authentication Token Leakage
github.com/cli/cli is vulnerable to authentication token leakage. The vulnerability is due to improper handling of the credential.helper configuration when cloning repositories with git submodules hosted outside of GitHub.com and ghe.com, causing authentication tokens to be exposed...
GO-2024-3295 Violation of GitHub host security boundary when sourcing authentication token within a codespace in github.com/cli/go-gh
Violation of GitHub host security boundary when sourcing authentication token within a codespace in github.com/cli/go-gh...
CVE-2024-53859 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
Security Advisory 0105
Security Advisory 0105 PDF Date: October 29, 2024 Revision | Date | Changes ---|---|--- 1.0 | October 29, 2024 | Initial release Description Multiple vulnerabilities exist for the Arista Edge Threat Management - Arista NG Firewall NGFW: 1 Description : A user with administrator privileges can...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
CVE-2024-9677
Affected: Zyxel USG FLEX H series devices running uOS firmware v1.21 and earlier. Vulnerable component: CLI commands where credentials are insufficiently protected, enabling an authenticated local attacker to escalate privileges by stealing a login administrator’s authentication token if the admi...