Lucene search
+L

457 matches found

OSV
OSV
added 2018/02/05 3:29 a.m.3 views

ALPINE-CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS6.6AI score0.04806EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/02/05 3:0 a.m.59 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS5.7AI score0.04806EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/02/04 12:0 a.m.26 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS6.8AI score0.04806EPSS
Exploits0References3
CNVD
CNVD
added 2017/10/09 12:0 a.m.8 views

WordPress Encryption Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress version 4.8.2, which originates from the program storing the...

6.5CVSS6.6AI score0.02415EPSS
Exploits3References1
OSV
OSV
added 2017/09/29 9:50 a.m.2 views

SUSE-SU-2017:2598-1 Security update for libvirt

This update for libvirt fixes several issues. This security issue was fixed: - bsc1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc1049505, bsc1051017: Security manager: Don't...

7.4AI score
Exploits0References5
Atlassian
Atlassian
added 2017/04/05 4:34 p.m.51 views

Users with the same name as an inactive user in a higher priority directory get all that users memberships

h3. Summary In embedded Crowd in at least JIRA and Confluence, when a user is made inactive but retains its groups, then if a lower priority directory has a new user created with the same name, it now inherits their memberships. It seems like the logic used to determine the user authentication by...

0.6AI score
Exploits0Affected Software1
Citrix
Citrix
added 2017/02/08 12:0 a.m.6 views

vDisk Inactive - Unable to Create vDisk

vDisk is inactive...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/12/15 1:0 p.m.21 views

Do You See What I CCM?

SCCM Software Metering Reviewing forensic keyword searches can be confusing because it is often difficult for an analyst to determine the source of the various structures that contain string matches. One such structure belongs to Microsoft's System Center Configuration Manager's SCCM software...

7.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2016/03/28 2:58 p.m.14 views

Facebook Fixes Instagram Vulnerability That Opened 1M Accounts to Compromise

Facebook was quick to fix an issue earlier this month that could’ve let an attacker break into four percent of all active, locked Instagram accounts, meaning it affected approximately one million users. Belgium-based IT security consultant Arne Swinnen discovered the issue two weeks ago when he...

Exploits0References6
Atlassian
Atlassian
added 2015/09/28 7:40 p.m.21 views

Migrating JIRA/Confluence from Cloud to Cloud reactivates inactive users

h3. Summary Admin migrated a Cloud instance of JIRA/Confluence to a new base URL. During the migration to the new JIRA/Confluence instance, inactive users became active. h3. Environment JIRA Cloud Confluence Cloud h3. Steps to Reproduce Create a user in JIRA Cloud Deactive user. Make inactive...

0.8AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/06/23 12:0 a.m.15 views

VMware vCenter Inactive Virtual Machines

Binary data vmwarevcenterinactivevms.nbin...

7.3AI score
Exploits0
CNVD
CNVD
added 2015/03/12 12:0 a.m.6 views

Apple iOS Security Bypass Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS has a security vulnerability that allows physically accessible users to view the HOME screen of a target device even when the device is not active...

1.9CVSS6.5AI score0.00347EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2015/03/07 8:0 p.m.16 views

Facebook Auto-UnLiker — Your Facebook Page 'Likes' Might Drop This Week

Do you own a Facebook Business page? If yes, then you will notice a drop in the number of "likes" on your Facebook Page by next week, which could be quite disappointing but, Facebook believes, will help business to know their actual followers. FACEBOOK'S OFFICIAL MASS AUTO-UNLIKE The social netwo...

6.7AI score
Exploits0
OSV
OSV
added 2014/07/01 5:55 p.m.3 views

DEBIAN-CVE-2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...

4CVSS4.3AI score0.00444EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2014/07/01 5:55 p.m.5 views

CVE-2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...

4CVSS5.2AI score0.00444EPSS
Exploits0References15
OSV
OSV
added 2014/07/01 12:0 a.m.3 views

UBUNTU-CVE-2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...

4CVSS6.1AI score0.00444EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2014/06/18 12:0 a.m.5 views

PT-2014-1921 · Freedesktop.Org +3 · D-Bus +3

Name of the Vulnerable Software and Affected Versions: D-Bus versions 1.2.x through 1.4.x D-Bus versions 1.6.x before 1.6.20 D-Bus versions 1.8.x before 1.8.10 Description: The issue allows local users to cause a denial of service or possibly conduct a side-channel attack via a D-Bus message to a...

7.2CVSS7.2AI score0.04514EPSS
Exploits6References55
OSV
OSV
added 2014/06/17 2:55 p.m.3 views

DEBIAN-CVE-2014-4047

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service connection consumption via a large number of 1 inactive or 2 incomplete HTTP...

5CVSS6.4AI score0.0491EPSS
Exploits0References1
OSV
OSV
added 2014/05/15 2:24 p.m.2 views

USN-2213-1 dovecot vulnerability

It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service...

5CVSS6.2AI score0.03331EPSS
Exploits0References2
NVD
NVD
added 2014/01/24 6:55 p.m.21 views

CVE-2013-6457

The libxlDomainGetNumaParameters function in the libxl driver libxl/libxldriver.c in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service invalid free operation and crash or possibly execute arbitrary code via an inactive domain to t...

5.2CVSS8.3AI score0.00659EPSS
Exploits0References8
Rows per page
Query Builder