EUVD-2006-3890

Malware in sbrugna...

EUVD-2023-58902

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-6680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16...

CVE-2023-6680

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

USN-7346-3: OpenSC vulnerabilities

USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression which broke smartcard based authentication. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC did not correctly handle certain memory operations...

The vulnerability of the SmartCard Authentication component in the SolarWinds DameWare Mini Remote Control software allows a intruder to execute arbitrary codes.

The vulnerability of the SmartCard Authentication component in the SolarWinds DameWare Mini Remote Control software lies in the lack of a proper mechanism for verifying the source of the credential. Exploiting this vulnerability could allow an attacker to execute arbitrary commands by sending a...

BIT-GITLAB-2023-6680 Improper Certificate Validation in GitLab

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

CVE-2023-6680

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

CVE-2023-6680

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

Input validation

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

UBUNTU-CVE-2023-6680

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

CVE-2023-6680

CVE-2023-6680 affects GitLab Enterprise Edition (EE) Smartcard authentication. The issue is an improper certificate validation in the Smartcard authentication flow that, if enabled by an administrator (it is an experimental feature), allows an attacker to authenticate as another user using a publ...

CVE-2023-6680 Improper Certificate Validation in GitLab

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

CVE-2023-6680

Removed by vendor...

CVE-2023-6680 Improper Certificate Validation in GitLab

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

PT-2023-8226 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.6 through 16.4.3 GitLab EE versions 16.5 through 16.5.3 GitLab EE versions 16.6 through 16.6.1 Description: The issue is related to an improper certificate validation in Smartcard authentication, allowing an attacker to...

GitLab 11.6 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-6680)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to...

FreeBSD : Gitlab -- vulnerabilities (e2fb85ce-9a3c-11ee-af26-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e2fb85ce-9a3c-11ee-af26-001b217b3468 advisory. - Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's...

ActivIdentity 8.2 Unquoted Service Path

Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2021-03-21 Software Version : ActivIdentity 8.2 Vendor Homepage : https://www.hidglobal.com/ Tested on OS: Windows 7 Pro ActivIdentity was Acquired by HID Global in Octuber 2010...

PT-2019-6468 · Solarwinds · Dameware Mini Remote Control

Name of the Vulnerable Software and Affected Versions: DameWare Mini Remote Control version 12.1.0.89 Description: The issue allows an unauthenticated, remote attacker to request smart card login and upload and execute an arbitrary executable run under the Local System account. This is due to a...