142 matches found
CVE-2021-39943
Removed by vendor...
PT-2022-11091 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.1 through 14.3.5 GitLab EE versions 14.4 through 14.4.3 GitLab EE versions 14.5 through 14.5.1 Description: An authorization logic error in the External Status Check API allowed a user to update the status of the check v...
DRUPAL-CONTRIB-2022-001
This module enables you to login with an email address. The module doesn't sufficiently check if a user account is active when using email login. This vulnerability is mitigated by the fact that an attacker must have an account in the website that is blocked...
Collateral can be deposited in a finished pool
Handle pedroais Vulnerability details Proof of Concept The depositCollateral function doesn't check the status of the pool so collateral can be deposited in a finished loan. This can happen by mistake and all funds will be lost. Recommended Mitigation Steps Require loan status to be collection or...
CVE-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
Design/Logic Flaw
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
CVE-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
UBUNTU-CVE-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
CVE-2021-39916
The CVE-2021-39916 entry describes a lack of an access control check in GitLab EE’s External Status Check feature, enabling any authenticated user to retrieve the configuration of any External Status Check. Affected versions are 14.1–14.3.5, 14.4 before 14.4.4, and 14.5 before 14.5.2. The root ca...
CVE-2021-39916
Removed by vendor...
PT-2021-22762 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.1 through 14.3.5 GitLab EE versions 14.4 through 14.4.3 GitLab EE versions 14.5 through 14.5.1 Description: The issue is related to a lack of access control check in the External Status Check feature, allowing any...
GitLab: IDOR in "external status check" API leaks data about any status check on the instance
Summary The API endpoint for returning approval from an external status check contains an IDOR that lets a user list information about all external status checks on the GitLab instance. The feature is an Ultimate feature, but can be accessed by starting an Ultimate trial on GitLab.com. So the...
ERROR: Operation not permitted - no FIPS card present in the system
Attempting to check FIPS status on the Citrix ADC MPX 8900 FIPS certified appliance or the Citrix ADC MPX 15000-50G FIPS certified appliance using the show fips command results in the error message "ERROR: Operation not permitted - no FIPS card present in the system."...
Unnamed vulnerability in Samsung mobile devices
Samsung mobile devices is a cell phone application from Samsung South Korea. It provides a communication function. A security vulnerability exists in Samsung mobile devices prior to SMR Mar-2021 Release 1, which stems from an incorrect lock screen status check. No details of the vulnerability are...
HAXX libcurl 信任管理问题漏洞
Haxx libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. Haxx libcurl suffers from a trust management issue vulnerability that can be exploited by an attacker to act as a man-in-the-middle by performing...
PYSEC-2020-271
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
PYSEC-2020-272
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...
PT-2020-14263 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: The issue occurs when a user passes a list of strings to dlpack.to dlpack, resulting in a memory leak following an expected validation failure. This happens...
PT-2020-14262 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: The issue arises when a user passes an invalid argument to dlpack.to dlpack, causing variables to bind to nullptr while setting a status variable to the error...
QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block LBA in an iscsicoblockstatus routine. A remote user could use this flaw to crash the QEMU process,...