Lucene search
+L

54 matches found

veracode
veracode
added 2023/08/06 2:38 p.m.17 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles the /user.keys route. An attacker can exploit this vulnerability to enumerate the usernames of users on the GitLab server, even if the users have not made their usernames public...

5.3CVSS6.3AI score0.00908EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2023/05/17 12:0 a.m.9 views

The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager connection management controller, and the NGINX Security Monitoring security monitoring platform involve exploiting authentication bypasses through the use of user-controlled keys. This allows attackers to circumvent security restrictions and gain access to read, modify, or delete data.

The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager, and the NGINX Security Monitoring platform involve exploiting authentication mechanisms by using user-controlled keys. Exploitation of these vulnerabilities could allow an attacker to bypass...

8.5CVSS7.7AI score0.00528EPSS
Exploits0References3Affected Software3
osv
osv
added 2021/10/05 2:15 p.m.3 views

UBUNTU-CVE-2021-22257

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...

5.3CVSS5.7AI score0.00908EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2021/10/05 12:0 a.m.5 views

PT-2021-14919 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 14.0 through 14.0.8 GitLab versions 14.1 through 14.1.3 GitLab versions 14.2 through 14.2.1 Description: An issue has been discovered in GitLab where the route for "/user.keys" is not restricted on instances with public...

5.3CVSS4.9AI score0.00908EPSS
Exploits0References10
cnvd
cnvd
added 2021/09/07 12:0 a.m.19 views

GitLab Information Disclosure Vulnerability (CNVD-2022-23495)

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab is vulnerable to an information disclosure vulnerability caused by an unrestricted instance of the application's "/user.keys" route that disables public visibility...

5.3CVSS3.1AI score0.00908EPSS
Exploits0References1
cnnvd
cnnvd
added 2021/09/01 12:0 a.m.6 views

GitLab 信息泄露漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab is vulnerable to an information disclosure vulnerability caused by an unrestricted instance of the application's "/user.keys" route that disables public visibility...

5.3CVSS5.7AI score0.00908EPSS
Exploits0References5
openvas
openvas
added 2018/06/12 12:0 a.m.202 views

Microsoft Windows: System Cryptography: Force strong key protection

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winscstrongkeyprotect.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for System cryptography: Force strong key protection for user keys stored on the computer Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...

7.3AI score
Exploits0
osv
osv
added 2016/01/14 3:36 p.m.13 views

USN-2869-1 openssh vulnerabilities

It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys...

8.1CVSS7AI score0.63468EPSS
Exploits3References3
redhat
redhat
added 2013/05/20 4:44 p.m.5 views

Kernel: keys: race condition in install_user_keyrings()

Race condition in the installuserkeyrings function in security/keys/processkeys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service NULL pointer dereference and system crash via crafted keyctl system calls that trigger keyring operations in simultaneous threads...

4.7CVSS7.2AI score0.00287EPSS
Exploits0References4
openvas
openvas
added 2009/03/23 12:0 a.m.46 views

Ubuntu Update for openssh vulnerability USN-612-2

Ubuntu Update for Linux kernel vulnerabilities USN-612-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN6122.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for openssh vulnerability USN-612-2 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

7.8CVSS0.1AI score0.70721EPSS
Exploits8References2
openvas
openvas
added 2008/05/27 12:0 a.m.22 views

Debian: Security Advisory (DSA-1576-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.9AI score0.70721EPSS
Exploits9References2
debian
debian
added 2008/05/14 9:24 a.m.59 views

[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

------------------------------------------------------------------------ Debian Security Advisory DSA-1576-1 [email protected] http://www.debian.org/security/ Florian Weimer May 14, 2008 http://www.debian.org/security/faq -...

7.8CVSS7.1AI score0.70721EPSS
Exploits9
osv
osv
added 2008/05/14 12:0 a.m.66 views

DSA-1576-1 openssh openssh-blacklist - predictable randomness

Bulletin has no description...

7.8CVSS6.6AI score0.70721EPSS
Exploits9
securityvulns
securityvulns
added 2001/01/17 12:0 a.m.28 views

Проблема в SSH1

закрытые ключи пользователя шифруются легко угадываемой ключевой фразой...

0.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder