Microsoft Windows: WPD Devices: Deny write access

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winwpddenywriteaccess.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for WPD Devices: Deny write access Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program ...

CVE-2017-0918

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...

CVE-2017-0917

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting...

Input validation

Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution...

CVE-2017-0917

CVE-2017-0917: GitLab Community Edition v10.2.4 vulnerability in the CI job component due to lack of input validation, causing persistent cross-site scripting. Confirmed details across multiple sources indicate a remote attacker could inject arbitrary script via CI job output, leading to potentia...

CVE-2017-0924

CVE-2017-0924 affects GitLab Community Edition 10.2.4, with a lack of input validation in the labels component that enables persistent cross-site scripting (XSS). Multiple sources (NVD entry for CVE-2017-0924, OpenVAS NASL, CNVD entry) corroborate that the vulnerability is tied to the labels comp...

CVE-2017-0926

GitLab Community Edition 10.3 is affected by an improper authorization in the Oauth sign-in component, enabling unauthorized user login. Root cause: OAuth sign-in bypass allows login without proper authorization. Impact: unauthorized access via OAuth flow with partial/ high impact credentials (pe...

CVE-2017-0915

CVE-2017-0915 affects GitLab Community Edition 10.2.4, due to a lack of input validation in GitlabProjectsImportService, enabling remote code execution. Public/connected sources confirm arbitrary code execution via project import; remediations in the supplied docs point to upgrading to fixed GitL...

CVE-2017-0927

CVE-2017-0927 affects GitLab Community Edition 10.3 in the deployment keys component, with an improper authorization flaw that allowed guest users to unauthorized use deployment keys. According to NVD, CVSS v3 base score is 6.5 (network, low attack complexity, privileges required: low, no user in...

CVE-2017-0923

GitLab Community Edition 9.1 is affected by a lack of input validation in the IPython notebooks component, causing persistent cross-site scripting. Root cause: input validation weakness in IPython notebooks. Impact: potential XSS exposure. Exploitation details are not provided in the supplied doc...

CVE-2017-0923

Removed by vendor...

CVE-2017-0915

Removed by vendor...

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the systemhookpush queue through web hook component resulting in remote code execution...

CVE-2016-9953

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...

CVE-2016-9952

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

CVE-2016-9952

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

ALPINE-CVE-2016-9952

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

CVE-2016-9953

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...

ALPINE-CVE-2016-9953

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...

CVE-2016-9952

The CVE-2016-9952 issue affects libcurl (lib/vtls/schannel.c) in Windows CE builds using the schannel TLS backend. It arises in verify_certificate for libcurl versions 7.30.0 through 7.51.0 and allows remote attackers to perform MITM attacks by presenting a crafted wildcard SAN in the server cert...