2016 matches found

Debian CVE
added 2020/09/14 6:36 p.m. · 24 views

CVE-2020-13299

Removed by vendor...

CVSS 8.1 · AI score 7.2 · EPSS 0.00186
Exploits 0

CVE
added 2020/09/14 6:36 p.m. · 63 views

CVE-2020-13299

Summary: CVE-2020-13299 affects GitLab versions before 13.1.10, 13.2.8, and 13.3.4. The revocation feature did not revoke all session tokens, allowing reuse to obtain a valid session. What is affected: GitLab deployments running any of the affected version ranges. Root cause (as described): Incom...

CVSS 8.1 · AI score 7.5 · EPSS 0.00186
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2020/09/14 12:0 a.m. · 2 views

PT-2020-13443 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4. Description: A vulnerability was discovered that allows a malicious user to access a user account with an old password under certain conditions,...

CVSS 7.2 · AI score 6.7 · EPSS 0.0022
Exploits 0 · References 11

Positive Technologies
added 2020/09/14 12:0 a.m. · 2 views

PT-2020-13440 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4. Description: A vulnerability was discovered where the revocation feature was not revoking all session tokens, allowing them to be re-used to obta...

CVSS 8.1 · AI score 7.8 · EPSS 0.00186
Exploits 0 · References 11

NVD
added 2020/09/11 4:15 p.m. · 7 views

CVE-2020-25276

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...

CVSS 7.3 · EPSS 0.00152
Exploits 0 · References 1

OSV
added 2020/09/11 4:15 p.m. · 2 views

CVE-2020-25276

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...

CVSS 7.3 · AI score 7.1 · EPSS 0.00152
Exploits 0 · References 1

Prion
added 2020/09/11 4:15 p.m. · 13 views

Authentication flaw

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...

CVSS 6.8 · AI score 7 · EPSS 0.00152
Exploits 0 · References 1 · Affected Software 1

CVE
added 2020/09/11 3:15 p.m. · 35 views

CVE-2020-25276

PrimeKey EJBCA 6.x and 7.x prior to 7.4.1 is affected. When enrolling via EST using a client certificate, revocation checks are not performed on that certificate, only impacting systems with EST configured and where the revoked certificate is in a role authorized to enroll new end entities. Remed...

CVSS 7.3 · AI score 7 · EPSS 0.00152
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/09/11 3:15 p.m. · 12 views

CVE-2020-25276

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...

AI score 7.1 · EPSS 0.00152
Exploits 0 · References 1

NVD
added 2020/09/11 1:15 p.m. · 12 views

CVE-2020-16228

In Patient Information Center iX PICiX Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...

CVSS 6.4 · EPSS 0.00036
Exploits 0 · References 2

OSV
added 2020/09/11 1:15 p.m. · 0 views

CVE-2020-16228

In Patient Information Center iX PICiX Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...

CVSS 6.4 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 2

Cvelist
added 2020/09/11 12:58 p.m. · 12 views

CVE-2020-16228 Philips Patient Monitoring Devices Improper Check for Certificate Revocation

In Patient Information Center iX PICiX Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...

AI score 6.4 · EPSS 0.00036
Exploits 0 · References 2

CVE
added 2020/09/11 12:58 p.m. · 54 views

CVE-2020-16228

CVE-2020-16228 affects Philips PICiX (PIC iX) Versions C.02/C.03, PerformanceBridge Focal Point A.01, IntelliVue monitors MX100/MX400-MX850 and MP2-MP90, and IntelliVue X3 Versions N and prior. The issue is improper or missing certificate revocation checking, which may cause the device to trust a...

CVSS 6.4 · AI score 6.5 · EPSS 0.00036
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2020/09/11 12:0 a.m. · 2 views

PT-2020-14827 · Philips · Patient Information Center Ix +2

Name of the Vulnerable Software and Affected Versions: Patient Information Center iX PICiX versions C.02 and C.03; PerformanceBridge Focal Point version A.01; IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850; IntelliVue X3 versions N and prior. Description: The software does not check or...

CVSS 6.4 · AI score 6.3 · EPSS 0.00036
Exploits 0 · References 4

Positive Technologies
added 2020/09/11 12:0 a.m. · 3 views

PT-2020-16057 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions 6.x through 7.4.0. Description: An issue was discovered where no revocation check is performed on a client certificate when enrolling over the EST protocol. This can affect systems with EST configured, using client...

CVSS 7.3 · AI score 7.1 · EPSS 0.00152
Exploits 0 · References 3

Openbugbounty
added 2020/09/06 12:26 p.m. · 6 views

revocation-of-power-of-attorney.com Cross Site Scripting vulnerability OBB-1308534

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits 0

Tenable Nessus
added 2020/09/04 12:0 a.m. · 45 views

FreeBSD : Gitlab -- multiple vulnerabilities (1fb13175-ed52-11ea-8b93-001b217b3468)

Gitlab reports: Vendor Cross-Account Assume-Role Attack; Stored XSS on the Vulnerability Page; Outdated Job Token Can Be Reused to Access Unauthorized Resources; File Disclosure Via Workhorse File Upload Bypass; Unauthorized Maintainer Can Edit Group Badge; Denial of Service Within Wiki Functionality...

CVSS 10 · AI score 6.8 · EPSS 0.02391
Exploits 7 · References 27

Positive Technologies
added 2020/09/02 12:0 a.m. · 3 views

PT-2021-6689 · Arm +2 · Arm Mbed Tls +2

Name of the Vulnerable Software and Affected Versions: Arm Mbed TLS versions prior to 2.24.0. Description: The issue is related to the incorrect use of a revocationDate check when deciding whether to honor certificate revocation via a CRL. This can be exploited by an attacker in certain situations...

CVSS 9.8 · AI score 5.6 · EPSS 0.02049
Exploits 6 · References 79

Github Security Blog
added 2020/09/01 8:45 p.m. · 26 views

Malicious Package in eslint-config-eslint

Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the user's .npmrc file and send any found authentication tokens to a remote server. Recommendation: The best course of action if you found this package installed i...

AI score 7.1
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/08/26 3:15 p.m. · 2 views

CVE-2020-5913

In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the...

CVSS 7.4 · AI score 7.1 · EPSS 0.00193
Exploits 0 · References 1