457 matches found
ALPINE-CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...
WordPress Encryption Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress version 4.8.2, which originates from the program storing the...
SUSE-SU-2017:2598-1 Security update for libvirt
This update for libvirt fixes several issues. This security issue was fixed: - bsc1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc1049505, bsc1051017: Security manager: Don't...
Users with the same name as an inactive user in a higher priority directory get all that users memberships
h3. Summary In embedded Crowd in at least JIRA and Confluence, when a user is made inactive but retains its groups, then if a lower priority directory has a new user created with the same name, it now inherits their memberships. It seems like the logic used to determine the user authentication by...
vDisk Inactive - Unable to Create vDisk
vDisk is inactive...
Do You See What I CCM?
SCCM Software Metering Reviewing forensic keyword searches can be confusing because it is often difficult for an analyst to determine the source of the various structures that contain string matches. One such structure belongs to Microsoft's System Center Configuration Manager's SCCM software...
Facebook Fixes Instagram Vulnerability That Opened 1M Accounts to Compromise
Facebook was quick to fix an issue earlier this month that could’ve let an attacker break into four percent of all active, locked Instagram accounts, meaning it affected approximately one million users. Belgium-based IT security consultant Arne Swinnen discovered the issue two weeks ago when he...
Migrating JIRA/Confluence from Cloud to Cloud reactivates inactive users
h3. Summary Admin migrated a Cloud instance of JIRA/Confluence to a new base URL. During the migration to the new JIRA/Confluence instance, inactive users became active. h3. Environment JIRA Cloud Confluence Cloud h3. Steps to Reproduce Create a user in JIRA Cloud Deactive user. Make inactive...
VMware vCenter Inactive Virtual Machines
Binary data vmwarevcenterinactivevms.nbin...
Apple iOS Security Bypass Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS has a security vulnerability that allows physically accessible users to view the HOME screen of a target device even when the device is not active...
Facebook Auto-UnLiker — Your Facebook Page 'Likes' Might Drop This Week
Do you own a Facebook Business page? If yes, then you will notice a drop in the number of "likes" on your Facebook Page by next week, which could be quite disappointing but, Facebook believes, will help business to know their actual followers. FACEBOOK'S OFFICIAL MASS AUTO-UNLIKE The social netwo...
DEBIAN-CVE-2014-3477
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...
CVE-2014-3477
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...
UBUNTU-CVE-2014-3477
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...
PT-2014-1921 · Freedesktop.Org +3 · D-Bus +3
Name of the Vulnerable Software and Affected Versions: D-Bus versions 1.2.x through 1.4.x D-Bus versions 1.6.x before 1.6.20 D-Bus versions 1.8.x before 1.8.10 Description: The issue allows local users to cause a denial of service or possibly conduct a side-channel attack via a D-Bus message to a...
DEBIAN-CVE-2014-4047
Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service connection consumption via a large number of 1 inactive or 2 incomplete HTTP...
USN-2213-1 dovecot vulnerability
It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service...
CVE-2013-6457
The libxlDomainGetNumaParameters function in the libxl driver libxl/libxldriver.c in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service invalid free operation and crash or possibly execute arbitrary code via an inactive domain to t...