Lucene search
K

133 matches found

OSV
OSV
added 2022/05/17 2:57 a.m.13 views

GHSA-8F6M-GFQ9-G33V Cross-site Scripting in html5lib

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...

6.1CVSS5.8AI score0.02141EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/17 2:57 a.m.22 views

Cross-site Scripting in html5lib

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...

6.1CVSS4.5AI score0.02141EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2021/05/11 3:15 p.m.21 views

Information disclosure

SAP Commerce Backoffice Search, versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...

4CVSS6.1AI score0.00823EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2021/02/01 2:1 p.m.32 views

CVE-2020-1958

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...

6.5CVSS2.2AI score0.04565EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/12/15 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2020-2539)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7AI score0.01357EPSS
Exploits0References2
Veracode
Veracode
added 2020/05/04 9:21 a.m.35 views

Information Disclosure

doorkeeper is susceptible to information disclosure. If it enables the Doorkeeper::Application attributes using the GET /oauth/authorizedapplications.json, an authorized application user can access the model attribute values including secrets...

7.5CVSS2.3AI score0.02016EPSS
Exploits0References4Affected Software1
Microsoft KB
Microsoft KB
added 2020/04/09 12:0 a.m.7 views

An SVG graphic that has attributes that use large values may not be parsed correctly

An SVG graphic that has attributes that use large values may not be parsed correctly Symptoms When you browse a webpage that contains a Scalable Vector Graphics SVG graphic that has attributes that use large values, the SVG graphic may not be parsed correctly. Cause This problem occurs because...

6.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/01/21 12:0 a.m.44 views

Amazon Linux 2 : 389-ds-base (ALAS-2020-1381)

The version of 389-ds-base installed on the remote host is prior to 1.3.9.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1381 advisory. A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values...

6.5CVSS6.7AI score0.013EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/01/20 12:0 a.m.68 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : 389-ds-base Vulnerability (NS-SA-2020-0003)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has 389-ds-base packages installed that are affected by a vulnerability: - A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, th...

6.5CVSS6.7AI score0.013EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.112 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : 389-ds-base Vulnerability (NS-SA-2019-0261)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has 389-ds-base packages installed that are affected by a vulnerability: - A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, th...

6.5CVSS6.7AI score0.013EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/03 12:0 a.m.33 views

Debian DLA-2004-1 : 389-ds-base security update

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. For Debian 8 'Jessie', this problem has been fixed ...

6.5CVSS6.5AI score0.013EPSS
Exploits0References3
CVE
CVE
added 2019/11/08 2:45 p.m.140 views

CVE-2019-14824

CVE-2019-14824 affects 389-ds-base and its deref plugin, enabling an authenticated attacker to disclose attribute values by abusing the search permission (e.g., password hashes). Public details across connected docs confirm the flaw and show patches across multiple distros: Debian (fixed in 1.3.3...

6.5CVSS6.2AI score0.013EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2019/11/08 2:45 p.m.29 views

CVE-2019-14824

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

6.5CVSS6.3AI score0.013EPSS
Exploits0References5
Prion
Prion
added 2019/06/28 6:15 p.m.16 views

Improper access control

Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters...

5CVSS5.3AI score0.01399EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/06/28 5:37 p.m.26 views

CVE-2018-14867

Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters...

5.3AI score0.01399EPSS
Exploits0References2
Prion
Prion
added 2018/08/22 5:29 p.m.38 views

Information disclosure

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are...

4CVSS6.1AI score0.02195EPSS
Exploits0References7Affected Software3
AlpineLinux
AlpineLinux
added 2018/08/22 5:0 p.m.37 views

CVE-2018-10919

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are...

6.5CVSS6.7AI score0.02195EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/08/22 5:0 p.m.30 views

CVE-2018-10919

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are...

6.5CVSS6AI score0.02195EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/08/15 12:0 a.m.26 views

FreeBSD : samba -- multiple vulnerabilities (c4e9a427-9fc2-11e8-802a-000c29a1e3ec)

The samba project reports : Samba releases 4.7.0 to 4.8.3 inclusive contain an error which allows authentication using NTLMv1 over an SMB1 transport either directory or via NETLOGON SamLogon calls from a member server, even when NTLMv1 is explicitly disabled on the server. Missing input...

8.8CVSS6.6AI score0.10839EPSS
Exploits0References11
OSV
OSV
added 2018/04/13 4:29 p.m.5 views

UBUNTU-CVE-2017-0366

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration...

5.4CVSS6.8AI score0.01342EPSS
Exploits1References3
Rows per page
Query Builder