133 matches found
GHSA-8F6M-GFQ9-G33V Cross-site Scripting in html5lib
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
Cross-site Scripting in html5lib
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
Information disclosure
SAP Commerce Backoffice Search, versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...
CVE-2020-1958
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2020-2539)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information Disclosure
doorkeeper is susceptible to information disclosure. If it enables the Doorkeeper::Application attributes using the GET /oauth/authorizedapplications.json, an authorized application user can access the model attribute values including secrets...
An SVG graphic that has attributes that use large values may not be parsed correctly
An SVG graphic that has attributes that use large values may not be parsed correctly Symptoms When you browse a webpage that contains a Scalable Vector Graphics SVG graphic that has attributes that use large values, the SVG graphic may not be parsed correctly. Cause This problem occurs because...
Amazon Linux 2 : 389-ds-base (ALAS-2020-1381)
The version of 389-ds-base installed on the remote host is prior to 1.3.9.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1381 advisory. A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values...
NewStart CGSL CORE 5.05 / MAIN 5.05 : 389-ds-base Vulnerability (NS-SA-2020-0003)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has 389-ds-base packages installed that are affected by a vulnerability: - A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, th...
NewStart CGSL CORE 5.04 / MAIN 5.04 : 389-ds-base Vulnerability (NS-SA-2019-0261)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has 389-ds-base packages installed that are affected by a vulnerability: - A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, th...
Debian DLA-2004-1 : 389-ds-base security update
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. For Debian 8 'Jessie', this problem has been fixed ...
CVE-2019-14824
CVE-2019-14824 affects 389-ds-base and its deref plugin, enabling an authenticated attacker to disclose attribute values by abusing the search permission (e.g., password hashes). Public details across connected docs confirm the flaw and show patches across multiple distros: Debian (fixed in 1.3.3...
CVE-2019-14824
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...
Improper access control
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters...
CVE-2018-14867
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters...
Information disclosure
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are...
CVE-2018-10919
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are...
CVE-2018-10919
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are...
FreeBSD : samba -- multiple vulnerabilities (c4e9a427-9fc2-11e8-802a-000c29a1e3ec)
The samba project reports : Samba releases 4.7.0 to 4.8.3 inclusive contain an error which allows authentication using NTLMv1 over an SMB1 transport either directory or via NETLOGON SamLogon calls from a member server, even when NTLMv1 is explicitly disabled on the server. Missing input...
UBUNTU-CVE-2017-0366
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration...