16 matches found
CVE-2026-5794 Vulnerability in Cryptobox allows an authenticated user to trigger an account lockout
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another user from logging in by triggering an account lockout via sending a specially crafted request...
PT-2024-26900 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3; Discourse versions prior to 3.3.0.beta3; Discourse versions prior to 3.3.0.beta4-dev. Description: A rogue staff user could suspend other staff users, preventing them from logging in to the site. Recommendation...
CVE-2023-50356
SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision Server. This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from logging in...
SUSE CVE-2010-4341
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet...
GHSA-P93V-M2R2-4387 Denial of service via insufficient metadata validation
The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from...
UBUNTU-CVE-2022-25327
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
CVE-2018-1000863
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into...
CVE-2015-3170
selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy...
Code injection
selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy...
CVE-2015-3170
CVE-2015-3170 describes a local denial-of-service in SELinux policy handling. The issue lies in the policy when sysctl fs.protected_hardlinks is set to 0, allowing a local user to create a hardlink to /etc/passwd from a directory named .config and then update selinux-policy, which prevents SSH lo...
sssd: DoS in sssd PAM responder can prevent logins
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet...
CVE-2010-4341
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet...
CVE-2010-4341
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet...
CVE-2010-4341
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet...
Lock account after multiple login failure
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-23412. For security purposes, it is desirable to have a mechanism to lock an account if the user attempted multiple login unsuccessfull...
Google Reader cross-site request forgery vulnerability
Overview: Google Reader is vulnerable to a persistent cross-site request forgery attack that may be exploited by a specially crafted RSS feed. Description: Google Reader is an online RSS feed reader. It can display text and images when displaying RSS feeds. Google Reader contains a cross-site reques...