9 matches found
EUVD-2026-5329
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZEDFETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
CVE-2023-4478 Parameter tampering in the registration resulting in blocked accounts to be created
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...
CVE-2023-4478 Parameter tampering in the registration resulting in blocked accounts to be created
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...
The vulnerability of the PAM auth function in the configuration management system and the remote execution of Salt operations allows a perpetrator to execute any commands they want.
The vulnerability of the PAM auth function in configuration management and remote execution of Salt operations is related to the absence of effective blocking for “locked accounts”. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
Vulnerabilities fixed in Atlassian Jira Server
Atlassian has fixed two vulnerabilities in Jira Server. A authenticated malicious person could exploit the vulnerabilities to give themselves elevated privileges, gain access to sensitive data and manipulate that data. The vulnerability is in access control, which allows accounts that have been...
MediaWiki suffers from an unspecified vulnerability (CNVD-2021-48983)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki 1.36 suffers from a security vulnerability that stems from the fact that the search results...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki 1.36 suffers from a security vulnerability that stems from the fact that the search results...
UBUNTU-CVE-2019-19234
In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...
Проблемы с блокирвоанными пользователями в Cisco Secure ACS (protection bypass)
Пользователи с блокирвоанными учетными записями NDS могут войти в систему...