109 matches found
CVE-2021-38436
FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2021-38434
FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code...
CVE-2021-38442
FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process...
GitLab Enterprise Edition Information Disclosure Vulnerability
GitLab Enterprise Edition is a content management system. GitLab is a self-hosted Git version control system project repository application developed by GitLab, Inc. using Ruby on Rails. The program can be used to access the contents of a project's files, commit history, bug lists, and more. An...
Horner Automation Cscape Buffer Error Vulnerability
Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation. Horner Automation Cscape suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data by the affected application when parsi...
PT-2021-21366 · Knx Ets · Knx Ets
Name of the Vulnerable Software and Affected Versions: KNX ETS versions 5 through 5.7.6. Description: The issue allows local users to read project information due to the use of a hard-coded password ETS5Password with a salt value of Ivan Medvedev. This problem is specific to products that are no...
PT-2021-6759 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.11.6; GitLab versions 13.12 through 13.12.5; GitLab versions 14.0 through 14.0.1. Description: An issue has been discovered in GitLab related to improper access control when using GraphQL, allowing unauthorized users ...
PT-2021-6696 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.10 and later. Description: The issue is related to an information disclosure problem, where a lack of access control checking allows a remote attacker to gain access to confidential data. This enables a user to read proje...
GitLab Authorization Issues Vulnerability (CNVD-2020-63398)
GitLab is a Ruby on Rails-developed, self-hosted Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list, etc. Git is a free, open source distributed version control system. A security...
GitLab Information Disclosure Vulnerability (CNVD-2020-01232)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab,...
GitLab CE/EE Access Control Error Vulnerability (CNVD-2020-03780)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...
SAP Portfolio and Project Management Information Disclosure Vulnerability
SAP Portfolio and Project Management PPM is a suite of asset portfolio and project management software from SAP. The software supports the management of the entire project lifecycle, identifying project exceptions and risks, and reporting on project performance based on real-time data. An...
GitLab has an unspecified vulnerability (CNVD-2019-42897)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
CVE-2019-14957
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...
Design/Logic Flaw
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Project Template Functionality Could Be Used to Access Restricted Project Data; Security Enhancements in GitLab Pages...
GitLab CE/EE Information Disclosure Vulnerability (CNVD-2019-32228)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
The vulnerability of Siemens LOGO!8 BM programmable logic controller’s microprogramming software lies in the presence of pre-installed encryption keys, which allow attackers to decrypt the project data.
The vulnerability of Siemens LOGO!8 BM programmable logic controller’s microprogramming software is related to the presence of pre-installed encryption keys. Exploiting this vulnerability allows an attacker to decrypt project data using port 10005/TCP...