54 matches found
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles the /user.keys route. An attacker can exploit this vulnerability to enumerate the usernames of users on the GitLab server, even if the users have not made their usernames public...
The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager connection management controller, and the NGINX Security Monitoring security monitoring platform involve exploiting authentication bypasses through the use of user-controlled keys. This allows attackers to circumvent security restrictions and gain access to read, modify, or delete data.
The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager, and the NGINX Security Monitoring platform involve exploiting authentication mechanisms by using user-controlled keys. Exploitation of these vulnerabilities could allow an attacker to bypass...
UBUNTU-CVE-2021-22257
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...
PT-2021-14919 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 14.0 through 14.0.8 GitLab versions 14.1 through 14.1.3 GitLab versions 14.2 through 14.2.1 Description: An issue has been discovered in GitLab where the route for "/user.keys" is not restricted on instances with public...
GitLab Information Disclosure Vulnerability (CNVD-2022-23495)
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab is vulnerable to an information disclosure vulnerability caused by an unrestricted instance of the application's "/user.keys" route that disables public visibility...
GitLab 信息泄露漏洞
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab is vulnerable to an information disclosure vulnerability caused by an unrestricted instance of the application's "/user.keys" route that disables public visibility...
Microsoft Windows: System Cryptography: Force strong key protection
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winscstrongkeyprotect.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for System cryptography: Force strong key protection for user keys stored on the computer Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...
USN-2869-1 openssh vulnerabilities
It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys...
Kernel: keys: race condition in install_user_keyrings()
Race condition in the installuserkeyrings function in security/keys/processkeys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service NULL pointer dereference and system crash via crafted keyctl system calls that trigger keyring operations in simultaneous threads...
Ubuntu Update for openssh vulnerability USN-612-2
Ubuntu Update for Linux kernel vulnerabilities USN-612-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN6122.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for openssh vulnerability USN-612-2 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Debian: Security Advisory (DSA-1576-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
------------------------------------------------------------------------ Debian Security Advisory DSA-1576-1 [email protected] http://www.debian.org/security/ Florian Weimer May 14, 2008 http://www.debian.org/security/faq -...
DSA-1576-1 openssh openssh-blacklist - predictable randomness
Bulletin has no description...
Проблема в SSH1
закрытые ключи пользователя шифруются легко угадываемой ключевой фразой...