44 matches found
PT-2022-4982 · Linux Pam +2 · Linux-Pam +2
Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 1.5.2-6.1 Description: The issue is related to the pam access.so module of the Linux-PAM package, which does not correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS...
openSUSE: Security Advisory for vlc (openSUSE-SU-2021:0691-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for vlc (moderate)
openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2021:0691-1 Rating: moderate References: 1181918 Cross-References: CVE-2020-26664 CVSS scores: CVE-2020-26664 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 An update that...
DRUPAL-CONTRIB-2020-017
This module enables you to build forms and surveys in Drupal. The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which...
CVE-2011-2726
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied...
CVE-2017-6930
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...
CVE-2017-17704
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...
Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update C)
CVSS v3 6.8 Vendor: Siemens Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products Vulnerabilities: Security Features UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01B Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was...
openSUSE Security Update : vlc (openSUSE-2017-1100)
This update for vlc fixes several issues. This security issue was fixed : - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file bsc1041907. These non-security issues were fixed : - Stop depending on...
openSUSE Security Update : vlc (openSUSE-2017-1101)
This update for vlc to version 2.2.6 fixes several issues. This security issue was fixed : - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file bsc1041907. These non-security issues were fixed : -...
Page Access - Unsupported - SA-CONTRIB-2017-075
This module will provide the option to give the View and Edit access for users and roles on each node pages. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module,...
CVE-2012-2153
CVE-2012-2153 affects Drupal 7.x prior to 7.14. The issue is an improper restriction of access to nodes in a list when using a contributed node access module, allowing remote authenticated users with the “Access the content overview page” permission to read all published nodes via the admin/conte...
CVE-2012-2304
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2012-2304
CVE-2012-2304 concerns the Linkit module for Drupal (7.x-2.x series). The issue occurs when using an entity access module: during entity searches, Linkit did not enforce access restrictions, allowing remote attackers to view information about content they normally should not access. Affected vers...
SA-CONTRIB-2012-093 - Node Embed - Access Bypass
Node Embed gives content editors an interface for selecting and embedding nodes using a WYSIWYG editor. The interface for selecting nodes is a page that had no access check, allowing users to view node titles they might not have access to. This issue only affects your site if you have unpublished...
SA-CONTRIB-2012-067 - Linkit - Access bypass
CVE: CVE-2012-2304 Linkitprovides an easy interface for internal and external linking. Linkit links to nodes, users, managed files, terms and have basic support for all entities by default, using an autocomplete field. When searching for entities, no access restrictions were added and users may s...
SA-CORE-2011-003 - Drupal core - Access bypass
CVE: CVE-2011-2726 Access bypass in private file fields on comments. Drupal 7 contains two new features: the ability to attach File upload fields to any entity type in the system and the ability to point individual File upload fields to the private file directory. If a Drupal site is using these...
SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities
CVE: CVE-2011-2687 Multiple vulnerabilities and weaknesses were discovered in Drupal. Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a...
SA-CONTRIB-2010-069 - Case Tracker - Multiple Vulnerabilities
The Case Tracker module enables teams to track outstanding cases which need resolution by attaching a status, priority and type. Cross Site Scripting XSS The module does not sanitize some of the user-supplied data before displaying it, leading to a cross site scripting XSS vulnerability that may...
SA-CONTRIB-2010-019 - Weekly Archive by Node Type - Access Bypass
The Weekly Archive by Node Type module generates weekly archive pages and a block with links to the pages. You can specify the node types that will be included in the archive pages. In weekly summaries listings, the Weekly Archive by Node Type module does not construct its SQL query to respect no...