Lucene search
K

44 matches found

Positive Technologies
Positive Technologies
added 2022/03/29 12:0 a.m.3 views

PT-2022-4982 · Linux Pam +2 · Linux-Pam +2

Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 1.5.2-6.1 Description: The issue is related to the pam access.so module of the Linux-PAM package, which does not correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS...

10CVSS9.2AI score0.01218EPSS
Exploits0References19
OpenVAS
OpenVAS
added 2021/05/12 12:0 a.m.15 views

openSUSE: Security Advisory for vlc (openSUSE-SU-2021:0691-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.8AI score0.0146EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2021/05/09 12:0 a.m.34 views

Security update for vlc (moderate)

openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2021:0691-1 Rating: moderate References: 1181918 Cross-References: CVE-2020-26664 CVSS scores: CVE-2020-26664 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 An update that...

7.8CVSS7.8AI score0.0146EPSS
Exploits1References1
OSV
OSV
added 2020/05/06 5:2 p.m.5 views

DRUPAL-CONTRIB-2020-017

This module enables you to build forms and surveys in Drupal. The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which...

7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/11/15 5:15 p.m.38 views

CVE-2011-2726

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied...

7.5CVSS6.9AI score0.01598EPSS
Exploits0References2
NVD
NVD
added 2018/03/01 11:29 p.m.20 views

CVE-2017-6930

In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...

8.1CVSS7.9AI score0.0131EPSS
Exploits0References1
OSV
OSV
added 2017/12/31 2:29 a.m.5 views

CVE-2017-17704

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

7.4CVSS5.7AI score0.00999EPSS
Exploits0References1
ICS
ICS
added 2017/11/14 12:0 a.m.55 views

Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update C)

CVSS v3 6.8 Vendor: Siemens Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products Vulnerabilities: Security Features UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01B Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was...

8.1CVSS7.9AI score0.04575EPSS
Exploits1References58
Tenable Nessus
Tenable Nessus
added 2017/10/02 12:0 a.m.21 views

openSUSE Security Update : vlc (openSUSE-2017-1100)

This update for vlc fixes several issues. This security issue was fixed : - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file bsc1041907. These non-security issues were fixed : - Stop depending on...

7.8CVSS7.7AI score0.03284EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2017/10/02 12:0 a.m.28 views

openSUSE Security Update : vlc (openSUSE-2017-1101)

This update for vlc to version 2.2.6 fixes several issues. This security issue was fixed : - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file bsc1041907. These non-security issues were fixed : -...

7.8CVSS7.7AI score0.03284EPSS
Exploits1References3
Drupal
Drupal
added 2017/09/20 12:0 a.m.16 views

Page Access - Unsupported - SA-CONTRIB-2017-075

This module will provide the option to give the View and Edit access for users and roles on each node pages. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module,...

7.2AI score
Exploits0References7
CVE
CVE
added 2012/10/01 12:0 a.m.113 views

CVE-2012-2153

CVE-2012-2153 affects Drupal 7.x prior to 7.14. The issue is an improper restriction of access to nodes in a list when using a contributed node access module, allowing remote authenticated users with the “Access the content overview page” permission to read all published nodes via the admin/conte...

4CVSS6AI score0.01881EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2012/08/14 10:0 p.m.21 views

CVE-2012-2304

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...

6.3AI score0.02097EPSS
Exploits0References8
CVE
CVE
added 2012/08/14 10:0 p.m.40 views

CVE-2012-2304

CVE-2012-2304 concerns the Linkit module for Drupal (7.x-2.x series). The issue occurs when using an entity access module: during entity searches, Linkit did not enforce access restrictions, allowing remote attackers to view information about content they normally should not access. Affected vers...

4.3CVSS6.4AI score0.02097EPSS
Exploits0References8Affected Software1
Drupal
Drupal
added 2012/06/06 12:0 a.m.19 views

SA-CONTRIB-2012-093 - Node Embed - Access Bypass

Node Embed gives content editors an interface for selecting and embedding nodes using a WYSIWYG editor. The interface for selecting nodes is a page that had no access check, allowing users to view node titles they might not have access to. This issue only affects your site if you have unpublished...

4.3CVSS6.2AI score0.02774EPSS
Exploits1References11
Drupal
Drupal
added 2012/04/25 12:0 a.m.22 views

SA-CONTRIB-2012-067 - Linkit - Access bypass

CVE: CVE-2012-2304 Linkitprovides an easy interface for internal and external linking. Linkit links to nodes, users, managed files, terms and have basic support for all entities by default, using an autocomplete field. When searching for entities, no access restrictions were added and users may s...

4.3CVSS6.3AI score0.02097EPSS
Exploits0References10
Drupal
Drupal
added 2011/07/27 12:0 a.m.506 views

SA-CORE-2011-003 - Drupal core - Access bypass

CVE: CVE-2011-2726 Access bypass in private file fields on comments. Drupal 7 contains two new features: the ability to attach File upload fields to any entity type in the system and the ability to point individual File upload fields to the private file directory. If a Drupal site is using these...

7.5CVSS7.8AI score0.01598EPSS
Exploits0References10
Drupal
Drupal
added 2011/05/25 12:0 a.m.662 views

SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities

CVE: CVE-2011-2687 Multiple vulnerabilities and weaknesses were discovered in Drupal. Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a...

7.5CVSS6.1AI score0.03056EPSS
Exploits0References15
Drupal
Drupal
added 2010/06/23 12:0 a.m.19 views

SA-CONTRIB-2010-069 - Case Tracker - Multiple Vulnerabilities

The Case Tracker module enables teams to track outstanding cases which need resolution by attaching a status, priority and type. Cross Site Scripting XSS The module does not sanitize some of the user-supplied data before displaying it, leading to a cross site scripting XSS vulnerability that may...

5.8AI score
Exploits0References9
Drupal
Drupal
added 2010/02/24 12:0 a.m.12 views

SA-CONTRIB-2010-019 - Weekly Archive by Node Type - Access Bypass

The Weekly Archive by Node Type module generates weekly archive pages and a block with links to the pages. You can specify the node types that will be included in the archive pages. In weekly summaries listings, the Weekly Archive by Node Type module does not construct its SQL query to respect no...

7.7AI score
Exploits0References4
Rows per page
Query Builder