83 matches found
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
Default credentials
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
CVE-2020-13289
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated...
PT-2020-13430 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered in certain cases where an invalid username could be accepted when 2FA is activated. Recommendations:...
EulerOS Virtualization 3.0.2.2 : cups (EulerOS-SA-2020-1461)
According to the versions of the cups package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The addjob function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by...
EulerOS Virtualization for ARM 64 3.0.2.0 : cups (EulerOS-SA-2020-1227)
According to the version of the cups package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The addjob function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attacke...
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2019-2422)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : cups (EulerOS-SA-2019-2422)
According to the version of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The addjob function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs...
EulerOS 2.0 SP5 : cups (EulerOS-SA-2019-2135)
According to the version of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The addjob function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs...
cPanel Input Validation Error Vulnerability (CNVD-2019-29604)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 68.0.15, which stems from the program allowing user accounts to be...
CVE-2017-18401
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats SEC-334...
Design/Logic Flaw
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats SEC-334...
CVE-2017-18401
CVE-2017-18401 affects cPanel prior to 68.0.15, where account creation could partially succeed with invalid username formats (SEC-334). The vulnerability is documented across multiple sources (NVD/Red Hat/CNVD). A patch to 68.0.15 or later is the stated remediation in available references; no exp...
UBUNTU-CVE-2017-2659
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...
OpenSSH 7.x Username Enumeration
!/usr/bin/env python Copyright c 2018 Matthew Daley Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software", to deal in the Software without restriction, including without limitation the rights to use, copy,...
Fuzzer SMB Session Setup Invalid Username - Ver2
A vulnerability exists in Fuzzer. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Debian DLA-1387-1 : cups security update
CVE-2017-18248 It was found that by submitting a print job with an invalid username, the CUPS server can be crashed, when D-Bus support is enabled which is the case for Debian. For Debian 7 'Wheezy', these problems have been fixed in version 1.5.3-5+deb7u8. We recommend that you upgrade your cups...
Debian: Security Advisory (DLA-1387-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2018-0224 Updated cups packages fix security vulnerability
CUPS before version 2.2.6 has a vulnerability in the handling of usernames in the scheduler/ipp.c:addjob function. A remote attacker could exploit this by submitting a print job with an invalid UTF-8 username to cause a crash and subsequent denial of service CVE-2017-18248...
ncurses denial of service vulnerability (CNVD-2018-09192)
ncurses is a character terminal processing library , it can provide a series of functions for the user to call and generate text-based user interface . A security vulnerability exists in the 'ncparseentry' function in the tinfo/parseentry.c file in versions of ncurses prior to 6.1.20180414. A...