
2028 matches found

Cvelist
added 2020/09/11 3:15 p.m. · 14 views

CVE-2020-25276

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...

AI score 7.1 · EPSS 0.00491
Exploits 0 · References 1
OSV
added 2020/09/11 1:15 p.m. · 2 views

CVE-2020-16228

In Patient Information Center iX PICiX Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...

CVSS 6.4 · AI score 5.8 · EPSS 0.00371
Exploits 0 · References 2
NVD
added 2020/09/11 1:15 p.m. · 14 views

CVE-2020-16228

In Patient Information Center iX PICiX Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...

CVSS 6.4 · EPSS 0.00371
Exploits 0 · References 2
Cvelist
added 2020/09/11 12:58 p.m. · 16 views

CVE-2020-16228 Philips Patient Monitoring Devices Improper Check for Certificate Revocation

In Patient Information Center iX PICiX Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...

AI score 6.4 · EPSS 0.00371
Exploits 0 · References 2
CVE
added 2020/09/11 12:58 p.m. · 55 views

CVE-2020-16228

CVE-2020-16228 affects Philips PICiX (PIC iX) Versions C.02/C.03, PerformanceBridge Focal Point A.01, IntelliVue monitors MX100/MX400-MX850 and MP2-MP90, and IntelliVue X3 Versions N and prior. The issue is improper or missing certificate revocation checking, which may cause the device to trust a...

CVSS 6.4 · AI score 6.5 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 2
Positive Technologies
added 2020/09/11 12:00 a.m. · 3 views

PT-2020-14827 · Philips · Patient Information Center Ix +2

Name of the Vulnerable Software and Affected Versions: Patient Information Center iX PICiX versions C.02 and C.03; PerformanceBridge Focal Point version A.01; IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850; IntelliVue X3 versions N and prior. Description: The software does not check or...

CVSS 6.4 · AI score 6.3 · EPSS 0.00371
Exploits 0 · References 4
Positive Technologies
added 2020/09/11 12:00 a.m. · 3 views

PT-2020-16057 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions 6.x through 7.4.0. Description: An issue was discovered where no revocation check is performed on a client certificate when enrolling over the EST protocol. This can affect systems with EST configured, using client...

CVSS 7.3 · AI score 7.1 · EPSS 0.00491
Exploits 0 · References 3
Openbugbounty
added 2020/09/06 12:26 p.m. · 7 views

revocation-of-power-of-attorney.com Cross Site Scripting vulnerability OBB-1308534

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits 0
Tenable Nessus
added 2020/09/04 12:00 a.m. · 46 views

FreeBSD : Gitlab -- multiple vulnerabilities (1fb13175-ed52-11ea-8b93-001b217b3468)

Gitlab reports: Vendor Cross-Account Assume-Role Attack; Stored XSS on the Vulnerability Page; Outdated Job Token Can Be Reused to Access Unauthorized Resources; File Disclosure Via Workhorse File Upload Bypass; Unauthorized Maintainer Can Edit Group Badge; Denial of Service Within Wiki Functionality...

CVSS 10 · AI score 6.8 · EPSS 0.99019
Exploits 7 · References 27
Positive Technologies
added 2020/09/02 12:00 a.m. · 3 views

PT-2021-6689 · Arm +2 · Arm Mbed Tls +2

Name of the Vulnerable Software and Affected Versions: Arm Mbed TLS versions prior to 2.24.0. Description: The issue is related to the incorrect use of a revocationDate check when deciding whether to honor certificate revocation via a CRL. This can be exploited by an attacker in certain situations...

CVSS 9.8 · AI score 5.6 · EPSS 0.02569
Exploits 6 · References 79
Github Security Blog
added 2020/09/01 8:45 p.m. · 27 views

Malicious Package in eslint-config-eslint

Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the user's .npmrc file and send any found authentication tokens to a remote server. Recommendation: The best course of action if you found this package installed i...

AI score 7.1
Exploits 0 · References 2 · Affected Software 1
OSV
added 2020/08/26 3:15 p.m. · 2 views

CVE-2020-5913

In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the...

CVSS 7.4 · AI score 7.1 · EPSS 0.005
Exploits 0 · References 1
Positive Technologies
added 2020/08/26 12:00 a.m. · 3 views

PT-2020-18811 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.1 through 11.6.5.2; F5 BIG-IP versions 12.1.0 through 12.1.5.1; F5 BIG-IP versions 13.1.0 through 13.1.3.4; F5 BIG-IP versions 14.1.0 through 14.1.2.3; F5 BIG-IP versions 15.0.0 through 15.1.0.1. Description: The issue aris...

CVSS 7.4 · AI score 7.3 · EPSS 0.005
Exploits 0 · References 2
Tenable Nessus
added 2020/08/12 12:00 a.m. · 26 views

Improper Check for Certificate Revocation (FG-IR-19-144)

The remote host is affected by an improper check for certificate revocation vulnerability. Certificates taken out of service could potentially be improperly re-used. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(139547); script_version("1.4");...

AI score 5.5
Exploits 0 · References 1
Tenable Nessus
added 2020/08/12 12:00 a.m. · 22 views

Improper Check for Certificate Revocation (FG-IR-19-144)

The remote host is affected by an improper check for certificate revocation vulnerability. Certificates taken out of service could potentially be improperly re-used. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(139546); script_version("1.2");...

AI score 5.5
Exploits 0 · References 1
Prion
added 2020/08/10 2:15 p.m. · 12 views

Design/Logic Flaw

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application...

CVSS 5.5 · AI score 5.3 · EPSS 0.01221
Exploits 0 · References 3 · Affected Software 1
OSV
added 2020/08/10 2:15 p.m. · 1 views

UBUNTU-CVE-2020-13294

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application...

CVSS 5.4 · AI score 5.8 · EPSS 0.01221
Exploits 0 · References 6
CVE
added 2020/08/10 1:30 p.m. · 62 views

CVE-2020-13294

CVE-2020-13294 affects GitLab before 13.0.12, 13.1.6, and 13.2.3, where access grants were not revoked when a user revoked access to an application. This could allow continued access after revocation. Remediation: upgrade GitLab to a version where this is fixed (e.g., 13.2.3 or later). Exploitati...

CVSS 5.5 · AI score 5.2 · EPSS 0.01221
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2020/08/10 12:00 a.m. · 3 views

PT-2020-13435 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12; GitLab versions prior to 13.1.6; GitLab versions prior to 13.2.3. Description: The issue arises when access grants are not revoked after a user has revoked access to an application. This could potentially lead t...

CVSS 5.5 · AI score 5.2 · EPSS 0.01221
Exploits 0 · References 14
CNVD
added 2020/08/07 12:00 a.m. · 2 views

Unspecified Vulnerability in RIPE NCC RPKI Validator

RIPE NCC RPKI Validator is an RPKI validator from RIPE NCC in the Netherlands. A security vulnerability exists in RIPE NCC RPKI Validator version 3.x up to version 3.1-2020.07.06.14.28, which stems from the program not checking for the presence or failure of a CRL. A remote attacker could exploit...

CVSS 7.5 · AI score 6.9 · EPSS 0.00744
Exploits 0 · References 1