PT-2020-18811 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.1 through 11.6.5.2 F5 BIG-IP versions 12.1.0 through 12.1.5.1 F5 BIG-IP versions 13.1.0 through 13.1.3.4 F5 BIG-IP versions 14.1.0 through 14.1.2.3 F5 BIG-IP versions 15.0.0 through 15.1.0.1 Description: The issue aris...

Improper Check for Certificate Revocation (FG-IR-19-144)

The remote host is affected by an improper check for certificate revocation vulnerability. Certificates taken out of service could potentially be improperly re-used. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid139546; scriptversion"1.2";...

Improper Check for Certificate Revocation (FG-IR-19-144)

The remote host is affected by an improper check for certificate revocation vulnerability. Certificates taken out of service could potentially be improperly re-used. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid139547; scriptversion"1.4";...

Design/Logic Flaw

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application...

UBUNTU-CVE-2020-13294

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application...

CVE-2020-13294

CVE-2020-13294 affects GitLab before 13.0.12, 13.1.6, and 13.2.3, where access grants were not revoked when a user revoked access to an application. This could allow continued access after revocation. Remediation: upgrade GitLab to a version where this is fixed (e.g., 13.2.3 or later). Exploitati...

PT-2020-13435 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue arises when access grants are not revoked after a user has revoked access to an application. This could potentially lead t...

Unspecified Vulnerability in RIPE NCC RPKI Validator

RIPE NCC RPKI Validator is an RPKI validator from RIPE NCC in the Netherlands. A security vulnerability exists in RIPE NCC RPKI Validator version 3.x up to version 3.1-2020.07.06.14.28, which stems from the program not checking for the presence or failure of a CRL. A remote attacker could exploit...

FreeBSD : Gitlab -- Multiple Vulnerabilities (a003b74f-d7b3-11ea-9df1-001b217b3468)

Gitlab reports : Arbitrary File Read when Moving an Issue Memory Exhaustion via Excessive Logging of Invite Email Error Denial of Service Through Project Import Feature User Controlled Git Configuration Settings Resulting in SSRF Stored XSS in Issue Reference Number Tooltip Stored XSS in Issues...

PT-2020-14928 · Nlnet · Routinator

Name of the Vulnerable Software and Affected Versions: NLnet Labs Routinator versions 0.1.0 through 0.7.1 Description: An issue allows remote attackers to bypass intended access restrictions or cause a denial of service on dependent routing systems. This is achieved by strategically withholding...

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Arbitrary File Read when Moving an Issue Memory Exhaustion via Excessive Logging of Invite Email Error Denial of Service Through Project Import Feature User Controlled Git Configuration Settings Resulting in SSRF Stored XSS in Issue Reference Number Tooltip Stored XSS in Issues Li...

Vulnerabilities fixed in GRUB2

Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." assigned. This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...

CVE-2020-16164

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509...

Code injection

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509...

PT-2020-14786 · Ripe Ncc · Ripe Ncc Rpki Validator

Name of the Vulnerable Software and Affected Versions: RIPE NCC RPKI Validator versions 3.x through 3.1-2020.07.06.14.28 Description: The issue allows remote attackers to bypass intended access restrictions or cause a denial of service on dependent routing systems by strategically withholding RPK...

PT-2020-14784 · Ripe Ncc · Ripe Ncc Rpki Validator

Name of the Vulnerable Software and Affected Versions: RIPE NCC RPKI Validator versions 3.x through 3.1-2020.07.06.14.28 Description: An issue was discovered in the X509-based RPKI certificate-tree validation procedure, where missing validation checks on CRL presence or CRL staleness allow remote...

GRUB2 bootloader is vulnerable to buffer overflow

Overview The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled. Description GRUB2 is a multiboot boot loader that replaced GRUB Legacy in 2012. A boot loader is the first program that runs upon...

CVE-2014-1422

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in...

CVE-2014-1422

The CVE-2014-1422 issue affects Ubuntu’s trust-store component. It causes location permissions revocation to be ineffective because the cache of permissions is honored based on an incorrect ordering and not by creation time, due to the Select struct in src/core/trust/impl/sqlite3/store.cpp. Pract...

CVE-2014-1422 Location service uses cached authorization even after revocation

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in...