Lucene search
K

2079 matches found

Positive Technologies
Positive Technologies
added 2020/09/02 12:0 a.m.4 views

PT-2021-6689 · Arm +2 · Arm Mbed Tls +2

Name of the Vulnerable Software and Affected Versions: Arm Mbed TLS versions prior to 2.24.0 Description: The issue is related to the incorrect use of a revocationDate check when deciding whether to honor certificate revocation via a CRL. This can be exploited by an attacker in certain situations...

9.8CVSS5.6AI score0.02569EPSS
Exploits6References79
Github Security Blog
Github Security Blog
added 2020/09/01 8:45 p.m.29 views

Malicious Package in eslint-config-eslint

Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to a remote server. Recommendation The best course of action if you found this package installed i...

7.1AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/08/26 3:15 p.m.3 views

CVE-2020-5913

In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the...

7.4CVSS7.1AI score0.005EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/08/26 12:0 a.m.5 views

PT-2020-18811 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.1 through 11.6.5.2 F5 BIG-IP versions 12.1.0 through 12.1.5.1 F5 BIG-IP versions 13.1.0 through 13.1.3.4 F5 BIG-IP versions 14.1.0 through 14.1.2.3 F5 BIG-IP versions 15.0.0 through 15.1.0.1 Description: The issue aris...

7.4CVSS7.3AI score0.005EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/08/12 12:0 a.m.26 views

Improper Check for Certificate Revocation (FG-IR-19-144)

The remote host is affected by an improper check for certificate revocation vulnerability. Certificates taken out of service could potentially be improperly re-used. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid139547; scriptversion"1.4";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/08/12 12:0 a.m.22 views

Improper Check for Certificate Revocation (FG-IR-19-144)

The remote host is affected by an improper check for certificate revocation vulnerability. Certificates taken out of service could potentially be improperly re-used. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid139546; scriptversion"1.2";...

5.5AI score
Exploits0References1
Prion
Prion
added 2020/08/10 2:15 p.m.12 views

Design/Logic Flaw

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application...

5.5CVSS5.3AI score0.01221EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/08/10 2:15 p.m.2 views

UBUNTU-CVE-2020-13294

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application...

5.4CVSS5.8AI score0.01221EPSS
Exploits0References6
CVE
CVE
added 2020/08/10 1:30 p.m.62 views

CVE-2020-13294

CVE-2020-13294 affects GitLab before 13.0.12, 13.1.6, and 13.2.3, where access grants were not revoked when a user revoked access to an application. This could allow continued access after revocation. Remediation: upgrade GitLab to a version where this is fixed (e.g., 13.2.3 or later). Exploitati...

5.5CVSS5.2AI score0.01221EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/08/10 12:0 a.m.3 views

PT-2020-13435 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue arises when access grants are not revoked after a user has revoked access to an application. This could potentially lead t...

5.5CVSS5.2AI score0.01221EPSS
Exploits0References14
CNVD
CNVD
added 2020/08/07 12:0 a.m.2 views

Unspecified Vulnerability in RIPE NCC RPKI Validator

RIPE NCC RPKI Validator is an RPKI validator from RIPE NCC in the Netherlands. A security vulnerability exists in RIPE NCC RPKI Validator version 3.x up to version 3.1-2020.07.06.14.28, which stems from the program not checking for the presence or failure of a CRL. A remote attacker could exploit...

7.5CVSS6.9AI score0.00744EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/08/07 12:0 a.m.42 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (a003b74f-d7b3-11ea-9df1-001b217b3468)

Gitlab reports : Arbitrary File Read when Moving an Issue Memory Exhaustion via Excessive Logging of Invite Email Error Denial of Service Through Project Import Feature User Controlled Git Configuration Settings Resulting in SSRF Stored XSS in Issue Reference Number Tooltip Stored XSS in Issues...

9.8CVSS6.7AI score0.42741EPSS
Exploits11References6
Positive Technologies
Positive Technologies
added 2020/08/05 12:0 a.m.4 views

PT-2020-14928 · Nlnet · Routinator

Name of the Vulnerable Software and Affected Versions: NLnet Labs Routinator versions 0.1.0 through 0.7.1 Description: An issue allows remote attackers to bypass intended access restrictions or cause a denial of service on dependent routing systems. This is achieved by strategically withholding...

7.4CVSS7.4AI score0.00747EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2020/08/05 12:0 a.m.38 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Arbitrary File Read when Moving an Issue Memory Exhaustion via Excessive Logging of Invite Email Error Denial of Service Through Project Import Feature User Controlled Git Configuration Settings Resulting in SSRF Stored XSS in Issue Reference Number Tooltip Stored XSS in Issues Li...

9.8CVSS1.2AI score0.0456EPSS
Exploits1References1
NCSC
NCSC
added 2020/08/04 12:0 a.m.7 views

Vulnerabilities fixed in GRUB2

Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." assigned. This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...

8.2CVSS7.9AI score0.01588EPSS
Exploits1
NVD
NVD
added 2020/07/30 4:15 p.m.13 views

CVE-2020-16164

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509...

7.4CVSS7.4AI score0.00907EPSS
Exploits0References3
Prion
Prion
added 2020/07/30 4:15 p.m.9 views

Code injection

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509...

5.8CVSS7.4AI score0.00907EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/07/30 12:0 a.m.8 views

PT-2020-14786 · Ripe Ncc · Ripe Ncc Rpki Validator

Name of the Vulnerable Software and Affected Versions: RIPE NCC RPKI Validator versions 3.x through 3.1-2020.07.06.14.28 Description: The issue allows remote attackers to bypass intended access restrictions or cause a denial of service on dependent routing systems by strategically withholding RPK...

7.4CVSS7.4AI score0.00907EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2020/07/30 12:0 a.m.5 views

PT-2020-14784 · Ripe Ncc · Ripe Ncc Rpki Validator

Name of the Vulnerable Software and Affected Versions: RIPE NCC RPKI Validator versions 3.x through 3.1-2020.07.06.14.28 Description: An issue was discovered in the X509-based RPKI certificate-tree validation procedure, where missing validation checks on CRL presence or CRL staleness allow remote...

7.5CVSS7.5AI score0.00744EPSS
Exploits0References5
CERT
CERT
added 2020/07/29 12:0 a.m.91 views

GRUB2 bootloader is vulnerable to buffer overflow

Overview The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled. Description GRUB2 is a multiboot boot loader that replaced GRUB Legacy in 2012. A boot loader is the first program that runs upon...

8.2CVSS8.6AI score0.01068EPSS
Exploits0References6
Rows per page
Query Builder