
2930 matches found

Positive Technologies
added 2021/10/04 12:0 a.m. · 3 views

PT-2021-22725 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.11.0 and later Description: The issue is related to missing authentication in GitLab CE/EE, which allows an attacker with access to a victim's session to disable two-factor authentication. Recommendations: For GitLab...

4 CVSS · 3.6 AI score · 0.00399 EPSS
Exploits 0 · References 10
CNNVD
added 2021/10/01 12:0 a.m. · 3 views

GitLab Enterprise Edition Security Feature Issue Vulnerability

GitLab Enterprise Edition is a content management system. GitLab is a self-hosted Git version control system project repository application developed by GitLab, Inc. using Ruby on Rails. The program can be used to access the project's file content, commit history, bug list, etc. A security...

3.5 CVSS · 5.1 AI score · 0.00847 EPSS
Exploits 0 · References 5
VulnCheck KEV
added 2021/09/23 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2022-1388

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services...

9.8 CVSS · 7.7 AI score · 0.99956 EPSS
Exploits 63 · References 1
CNNVD
added 2021/09/17 12:0 a.m. · 2 views

AcuityBrands nLight ECLYPSE Security Vulnerability

The AcuityBrands NLight Eclypse Necy is a system controller from AcuityBrands, Inc. It is used to connect nLight lighting networks to IP networks. A security vulnerability exists in the AcuityBrands nLight ECLYPSE that stems from a lack of security measures such as authentication, access control,...

8.6 CVSS · 7.9 AI score · 0.01089 EPSS
Exploits 0 · References 3
OSV
added 2021/09/14 11:15 a.m. · 1 view

CVE-2019-10941

A vulnerability has been identified in SINEMA Server All versions V14 SP3. Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected...

5.3 CVSS · 5.7 AI score
Exploits 0 · References 1
OSV
added 2021/09/14 10:21 a.m. · 7 views

OPENSUSE-SU-2021:1255-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291 - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...

10 CVSS · 9.7 AI score · 0.02521 EPSS
Exploits 0 · References 6
CNNVD
added 2021/09/14 12:0 a.m. · 3 views

IBM QRadar Cryptographic Issue Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A security...

7.5 CVSS · 6.5 AI score · 0.00665 EPSS
Exploits 0 · References 6
ICS
added 2021/09/14 12:0 a.m. · 37 views

Siemens SINEMA Server

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain encoded...

5.3 CVSS · 5.6 AI score · 0.00804 EPSS
Exploits 0 · References 11
Zero Day Initiative
added 2021/09/08 12:0 a.m. · 31 views

NETGEAR XR1000 UPnP SOAPAction Missing Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack ...

6.5 CVSS · 2.3 AI score · 0.00895 EPSS
Exploits 0 · References 1
CNNVD
added 2021/08/31 12:0 a.m. · 3 views

Matrix Information Disclosure Vulnerability

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. Matrix suffers from an information disclosure vulnerability that stems from the product not doing valid authentication of access user privileges. An attacker could access members' sensitive information via another...

3.5 CVSS · 5.6 AI score · 0.01411 EPSS
Exploits 0 · References 6
NVD
added 2021/08/25 12:15 p.m. · 16 views

CVE-2021-33882

A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to reconfigure the device from an unknown source because of lack of authentication on proprietary networking commands...

8.6 CVSS · 0.011 EPSS
Exploits 0 · References 2
Cvelist
added 2021/08/25 11:19 a.m. · 14 views

CVE-2021-33882

A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to reconfigure the device from an unknown source because of lack of authentication on proprietary networking commands...

6.8 CVSS · 8.8 AI score · 0.011 EPSS
Exploits 0 · References 2
CVE
added 2021/08/25 11:19 a.m. · 44 views

CVE-2021-33882

CVE-2021-33882 affects B. Braun SpaceCom2 prior to 012U000062 and is a Missing Authentication for Critical Function issue that lets a remote attacker reconfigure the device via unauthenticated commands on the SpaceCom/SpaceStation interface. Public Red Hat/US advisories and the McAfee/Trellix ana...

8.6 CVSS · 8.5 AI score · 0.011 EPSS
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2021/08/10 12:0 a.m. · 24 views

Siemens Sicam Missing Authentication for Critical Function

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device. File data ot500482.nasl...

5 CVSS · 4.2 AI score · 0.00826 EPSS
Exploits 0 · References 2
OSV
added 2021/07/29 11:15 a.m. · 1 view

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

9.8 CVSS · 7.5 AI score
Exploits 0 · References 3
Vulnrichment
added 2021/07/29 10:12 a.m. · 17 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

9.8 AI score · 0.48883 EPSS
Exploits 1 · References 3
Cvelist
added 2021/07/29 10:12 a.m. · 41 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

9.8 AI score · 0.48883 EPSS
Exploits 1 · References 3
CVE
added 2021/07/29 10:12 a.m. · 98 views

CVE-2020-36239

CVE-2020-36239 affects Jira Data Center, Jira Core Data Center, Jira Software Data Center (versions prior to 8.5.16 for 6.3.0 line, prior to 8.13.8 for 8.6.0 line, prior to 8.17.0 for 8.14.0 line) and Jira Service Management Data Center (prior to 4.5.16 for 2.0.2 line, prior to 4.13.8 for 4.6.0 l...

9.8 CVSS · 9.7 AI score · 0.48883 EPSS
Exploits 1 · References 3 · Affected Software 3
Tenable Nessus
added 2021/07/29 12:0 a.m. · 55 views

Atlassian Jira Data Center / Jira Service Management Data Center Missing Authentication (2021-07-21)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is affected by a missing authentication flaw in its Ehcache RMI component. An unauthenticated, remote attacker could exploit this to bypass authentication and execute arbitrary code on an...

9.8 CVSS · 9 AI score · 0.48883 EPSS
Exploits 1 · References 2
Cvelist
added 2021/07/22 6:27 p.m. · 26 views

CVE-2020-7389 Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment

Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production...

5.5 CVSS · 7.1 AI score · 0.02071 EPSS
Exploits 1 · References 1