203 matches found
CVE-2021-22194
In all versions of GitLab, marshalled session keys were being stored in Redis...
CVE-2021-22194
In all versions of GitLab, marshalled session keys were being stored in Redis...
CVE-2021-22194
Removed by vendor...
GitLab 安全漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions after...
PT-2021-14905 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab affected versions not specified Description: The issue concerns the storage of marshalled session keys in Redis, affecting all versions of GitLab. Recommendations: At the moment, there is no information about a newer version that...
FreeBSD : Gitlab -- Multiple vulnerabilities (8bf856ea-7df7-11eb-9aad-001b217b3468)
Gitlab reports : JWT token leak via Workhorse Stored XSS in wiki pages Group Maintainers are able to use the Group CI/CD Variables API Insecure storage of GitLab session keys C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD...
Gitlab -- Multiple vulnerabilities
Gitlab reports: JWT token leak via Workhorse Stored XSS in wiki pages Group Maintainers are able to use the Group CI/CD Variables API Insecure storage of GitLab session keys...
GitLab Information Disclosure Vulnerability (CNVD-2021-26078)
GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. GitLab suffer...
UBUNTU-CVE-2020-13344
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis...
PT-2020-13485 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: An issue has been discovered in GitLab where session keys are stored in plain-text in Redis. This allows an attacker with Redis acce...
EulerOS Virtualization for ARM 64 3.0.6.0 : libXdmcp (EulerOS-SA-2020-2034)
According to the version of the libXdmcp package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local...
Ubuntu 20.04 LTS : AWL vulnerability (USN-4539-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4539-1 advisory. Andrew Bartlett discovered that DAViCal Andrew's Web Libraries AWL did not properly manage session keys. An attacker could possibly use this issue to impersonate ...
CVE-2020-10123
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...
DAViCal Andrew's Web Libraries Authorization Issues Vulnerability (CNVD-2020-25813)
DAViCal Andrew's Web Libraries AWL is an AWL project that focuses on providing some shared PHP libraries for DAViCal, a calendar sharing server. An authorization issue vulnerability exists in DAViCal AWL version 0.60 and earlier, which stems from a failure of the session management mechanism to u...
PYSEC-2020-230
In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the...
CVE-2019-1384
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'...
CVE-2019-16205
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal...
FreeBSD : libXdmcp -- insufficient entropy generating session keys (1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335)
The freedesktop and x.org project reports : It was discovered that libXdmcp before 1.1.3 used weak entropy to generate session keys on platforms without arc4randombuf but with getentropy. On a multi-user system using xdmcp, a local attacker could potentially use information available from the...
The vulnerability relates to the implementation of the TLS protocol by the Intel Active Management Technology (AMT) subsystem of the Intel Converged Security and Manageability Engine and the Intel Management Engine. This vulnerability allows a attacker to obtain the TLS session key.
The vulnerability of the TLS protocol implementation of the Intel Active Management Technology AMT microprogramming system, Intel Converged Security and Manageability Engine, and Intel Management Engine is due to the lack of security measures in accordance with TLS standards. Exploiting this...
PT-2018-1597 · Intel · Intel Active Management Technology +2
Name of the Vulnerable Software and Affected Versions: Intel Active Management Technology versions prior to 12.0.5 Description: A Bleichenbacher-style side channel vulnerability exists in the TLS implementation of Intel Active Management Technology. This issue may allow an unauthenticated user to...