Lucene search
K

93 matches found

Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.6 views

PT-2023-24615 · Briar · Briar

Name of the Vulnerable Software and Affected Versions: Briar versions prior to 1.4.22 Description: The issue allows attackers to spoof other users' messages in a blog, forum, or private group. However, each spoofed message would need to be an exact duplicate of a legitimate message displayed...

6.5CVSS7AI score0.00334EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.4 views

Briar 安全漏洞

Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in versions of Briar prior to 1.4....

6.5CVSS6.5AI score0.00334EPSS
Exploits1References3
NVD
NVD
added 2022/11/14 9:15 p.m.36 views

CVE-2022-41913

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

5.4CVSS0.00375EPSS
Exploits0References2
Prion
Prion
added 2022/11/14 9:15 p.m.18 views

Design/Logic Flaw

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

5.5CVSS5.4AI score0.00375EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.5 views

CVE-2022-41913 Discourse-calendar exposes members of hidden groups

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

4.3CVSS5.4AI score0.00375EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.39 views

CVE-2022-41913 Discourse-calendar exposes members of hidden groups

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

4.3CVSS5.6AI score0.00375EPSS
Exploits0References2
OSV
OSV
added 2022/11/14 12:0 a.m.26 views

CVE-2022-41913 Discourse-calendar exposes members of hidden groups

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

4.3CVSS5.6AI score0.00375EPSS
Exploits0References4
CVE
CVE
added 2022/11/14 12:0 a.m.57 views

CVE-2022-41913

CVE-2022-41913 affects the Discourse-calendar plugin for Discourse. When discourse_post_event_enabled is on, users can list members of private groups or private-group members in dynamic calendar posts, enabling disclosure of group membership. The issue is mitigated by upgrading to a version that ...

5.4CVSS4.8AI score0.00375EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/03/28 7:15 p.m.22 views

CVE-2021-39876

In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...

4.3CVSS0.00801EPSS
Exploits1References3
Prion
Prion
added 2022/03/28 7:15 p.m.19 views

Code injection

In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...

4CVSS4.5AI score0.00801EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/03/28 7:15 p.m.31 views

CVE-2021-39876

In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...

4.3CVSS5.8AI score0.00801EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/03/28 6:53 p.m.23 views

CVE-2021-39876

In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...

4.3CVSS4.8AI score0.00801EPSS
Exploits1References3
CVE
CVE
added 2022/03/28 6:53 p.m.95 views

CVE-2021-39876

CVE-2021-39876 affects GitLab CE/EE starting from version 11.3, where the autocomplete endpoint for Assignee discloses members of private groups. The root cause is an information-disclosure flaw in the Assignee autocomplete functionality, enabling partial confidentiality breach. Impact stated in ...

4.3CVSS4.4AI score0.00801EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2022/03/28 6:53 p.m.50 views

CVE-2021-39876

Removed by vendor...

4.3CVSS5.8AI score0.00801EPSS
Exploits1
NVD
NVD
added 2021/11/05 12:15 a.m.15 views

CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

4.3CVSS0.00944EPSS
Exploits0References3
OSV
OSV
added 2021/11/05 12:15 a.m.18 views

CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

4.3CVSS6AI score0.00944EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/11/05 12:15 a.m.18 views

CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

4.3CVSS5.8AI score0.00944EPSS
Exploits0References1
OSV
OSV
added 2021/11/05 12:15 a.m.1 views

UBUNTU-CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

4.3CVSS5.7AI score0.00944EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/11/04 11:17 p.m.27 views

CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

4.3CVSS4.8AI score0.00944EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/11/04 11:17 p.m.23 views

CVE-2021-39905

Removed by vendor...

4.3CVSS5.8AI score0.00944EPSS
Exploits0
Rows per page
Query Builder