86 matches found
EUVD-2001-1425
Malware in sbrugna...
EUVD-2004-1111
Malware in sbrugna...
EUVD-2004-1127
Malware in sbrugna...
EUVD-2006-4926
Malware in sbrugna...
BIT-DJANGO-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
CVE-2024-49193
Zendesk pre-2024-07-02 is affected. The issue arises from processing incoming emails where Cc fields are extracted to grant extra ticket-viewing privileges, combined with an insufficient spoof-detection mechanism and predictable per-ticket support emails. This allows remote attackers to read tick...
CVE-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
CVE-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
CVE-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
CVE-2024-45231
Django CVE-2024-45231: Affects Django v5.1.1, v5.0.9, and v4.2.16. PasswordResetForm could reveal user email addresses during password-reset attempts when email sending fails, allowing remote enumeration through response outcomes. Public details in Debian/IBM advisories confirm exploitation requi...
CVE-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
Updated python3 packages fix security vulnerabilities
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
EulerOS 2.0 SP8 : python3 (EulerOS-SA-2024-2485)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects serve...
SUSE SLES15: libpython2_7-1_0 / python / python-base / python-curses / etc (SUSE-SU-2024:0329-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0329-2 advisory. - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character bsc1210638. Tenable has extracted the preceding descripti...
Fedora 38 : mingw-python3 (2024-94e0390e4e)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-94e0390e4e advisory. Update to python3.11.8, backport fix for CVE-2023-27043. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
SUSE: Security Advisory (SUSE-SU-2024:0595-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: libpython3_6m1_0 / libpython3_6m1_0-32bit / python3 / python3-base / etc (SUSE-SU-2024:0581-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0581-1 advisory. - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character bsc1210638...
Fedora 39 : python2.7 (2024-06ff0a6def)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-06ff0a6def advisory. Security fix for CVE-2023-27043 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2023-252)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-252 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...
CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...