Lucene search
+L

203 matches found

UbuntuCve
UbuntuCve
added 2021/03/26 8:15 p.m.35 views

CVE-2021-22194

In all versions of GitLab, marshalled session keys were being stored in Redis...

5.7CVSS6AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/03/26 7:8 p.m.25 views

CVE-2021-22194

In all versions of GitLab, marshalled session keys were being stored in Redis...

5.7CVSS5.8AI score0.00189EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/03/26 7:8 p.m.24 views

CVE-2021-22194

Removed by vendor...

5.7CVSS6AI score0.00189EPSS
Exploits0
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.4 views

GitLab 安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions after...

5.7CVSS5.6AI score0.00189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/03/26 12:0 a.m.4 views

PT-2021-14905 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab affected versions not specified Description: The issue concerns the storage of marshalled session keys in Redis, affecting all versions of GitLab. Recommendations: At the moment, there is no information about a newer version that...

5.7CVSS4.8AI score0.00189EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2021/03/08 12:0 a.m.27 views

FreeBSD : Gitlab -- Multiple vulnerabilities (8bf856ea-7df7-11eb-9aad-001b217b3468)

Gitlab reports : JWT token leak via Workhorse Stored XSS in wiki pages Group Maintainers are able to use the Group CI/CD Variables API Insecure storage of GitLab session keys C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD...

5.4CVSS4.8AI score0.00861EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2021/03/04 12:0 a.m.29 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: JWT token leak via Workhorse Stored XSS in wiki pages Group Maintainers are able to use the Group CI/CD Variables API Insecure storage of GitLab session keys...

5.4CVSS3AI score0.00861EPSS
Exploits0References1
CNVD
CNVD
added 2020/10/10 12:0 a.m.12 views

GitLab Information Disclosure Vulnerability (CNVD-2021-26078)

GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. GitLab suffer...

5.7CVSS5.9AI score0.00344EPSS
Exploits0References1
OSV
OSV
added 2020/10/08 2:15 p.m.4 views

UBUNTU-CVE-2020-13344

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis...

5.7CVSS5.8AI score0.00344EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/10/08 12:0 a.m.8 views

PT-2020-13485 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: An issue has been discovered in GitLab where session keys are stored in plain-text in Redis. This allows an attacker with Redis acce...

5.7CVSS4.6AI score0.00344EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2020/09/29 12:0 a.m.29 views

EulerOS Virtualization for ARM 64 3.0.6.0 : libXdmcp (EulerOS-SA-2020-2034)

According to the version of the libXdmcp package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local...

6.5CVSS6.4AI score0.00534EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2020/09/25 12:0 a.m.25 views

Ubuntu 20.04 LTS : AWL vulnerability (USN-4539-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4539-1 advisory. Andrew Bartlett discovered that DAViCal Andrew's Web Libraries AWL did not properly manage session keys. An attacker could possibly use this issue to impersonate ...

7.5CVSS7.8AI score0.01588EPSS
Exploits0References2
OSV
OSV
added 2020/08/21 9:15 p.m.5 views

CVE-2020-10123

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...

5.3CVSS6.1AI score0.00436EPSS
Exploits1References6
CNVD
CNVD
added 2020/04/16 12:0 a.m.4 views

DAViCal Andrew's Web Libraries Authorization Issues Vulnerability (CNVD-2020-25813)

DAViCal Andrew's Web Libraries AWL is an AWL project that focuses on providing some shared PHP libraries for DAViCal, a calendar sharing server. An authorization issue vulnerability exists in DAViCal AWL version 0.60 and earlier, which stems from a failure of the session management mechanism to u...

7.5CVSS7AI score0.01588EPSS
Exploits0References1
PyPA
PyPA
added 2020/01/24 8:15 p.m.8 views

PYSEC-2020-230

In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the...

8.8CVSS6.3AI score0.00439EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/11/12 7:15 p.m.2 views

CVE-2019-1384

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'...

9.9CVSS7.3AI score0.06112EPSS
Exploits0References1
OSV
OSV
added 2019/11/08 6:15 p.m.4 views

CVE-2019-16205

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal...

8.8CVSS7.3AI score0.01293EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/03/21 12:0 a.m.28 views

FreeBSD : libXdmcp -- insufficient entropy generating session keys (1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335)

The freedesktop and x.org project reports : It was discovered that libXdmcp before 1.1.3 used weak entropy to generate session keys on platforms without arc4randombuf but with getentropy. On a multi-user system using xdmcp, a local attacker could potentially use information available from the...

6.5CVSS6.4AI score0.00534EPSS
Exploits3References3
BDU FSTEC
BDU FSTEC
added 2018/10/05 12:0 a.m.6 views

The vulnerability relates to the implementation of the TLS protocol by the Intel Active Management Technology (AMT) subsystem of the Intel Converged Security and Manageability Engine and the Intel Management Engine. This vulnerability allows a attacker to obtain the TLS session key.

The vulnerability of the TLS protocol implementation of the Intel Active Management Technology AMT microprogramming system, Intel Converged Security and Manageability Engine, and Intel Management Engine is due to the lack of security measures in accordance with TLS standards. Exploiting this...

7.4CVSS5.5AI score0.02388EPSS
Exploits0References8Affected Software11
Positive Technologies
Positive Technologies
added 2018/09/12 12:0 a.m.3 views

PT-2018-1597 · Intel · Intel Active Management Technology +2

Name of the Vulnerable Software and Affected Versions: Intel Active Management Technology versions prior to 12.0.5 Description: A Bleichenbacher-style side channel vulnerability exists in the TLS implementation of Intel Active Management Technology. This issue may allow an unauthenticated user to...

7.1CVSS6.1AI score0.02388EPSS
Exploits0References12
Rows per page
Query Builder