Lucene search
+L

93 matches found

debiancve
debiancve
added 2019/09/09 7:56 p.m.25 views

CVE-2019-6996

Removed by vendor...

4.3CVSS6.7AI score0.00798EPSS
Exploits0
oraclelinux
oraclelinux
added 2019/08/13 12:0 a.m.42 views

sssd security, bug fix, and enhancement update

1.16.4-21 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly 1.16.4-20 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization 1.16.4-19 - Resolves: rhbz1707959 - sssd does not properly check GSS-SPNEGO 1.16.4-18 - Resolves: rhbz1710286 - The...

5.5CVSS0.1AI score0.01122EPSS
Exploits0
nvd
nvd
added 2019/07/10 5:15 p.m.24 views

CVE-2018-19584

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

7.5CVSS7.3AI score0.01545EPSS
Exploits1References2
prion
prion
added 2019/07/10 5:15 p.m.20 views

Design/Logic Flaw

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

5CVSS7.4AI score0.01545EPSS
Exploits1References2Affected Software1
ubuntucve
ubuntucve
added 2019/07/10 5:15 p.m.29 views

CVE-2018-19584

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

7.5CVSS7.1AI score0.01545EPSS
Exploits1References2
cve
cve
added 2019/07/10 4:50 p.m.67 views

CVE-2018-19584

Summary: CVE-2018-19584 affects GitLab Enterprise Edition (GitLab EE). Versions 11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1 are vulnerable to an insecure direct object reference that allows authenticated, but unauthorized, users to view members and milestone details of p...

7.5CVSS7.1AI score0.01545EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2019/07/10 4:50 p.m.24 views

CVE-2018-19584

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

7.2AI score0.01545EPSS
Exploits1References2
hackerone
hackerone
added 2018/11/13 3:44 a.m.13 views

GitLab: Add and Access to Labels of any Private Projects/Groups of Gitlab(IDOR)

Summary & Description : If you have a private project or private group then no non member should be able to access any information.But Adding Labels in your Private boards API request is vulnerable to IDOR attack which is leading to add private group/project labels and access it. Vulnerable Reque...

6.9AI score
Exploits0
taosecurity
taosecurity
added 2016/10/18 3:15 p.m.13 views

Five Ways That Good Guys Share More Than Bad Guys

It takes a lot for me to write a cybersecurity blog post these days. I spend most of my writing time working on my PhD. Articles like Nothing Brings Banks Together Like A Good Hack drive me up the wall, however, and a Tweet rant is insufficient. What fired me up, you might ask? Please read the...

6.5AI score
Exploits0
hackerone
hackerone
added 2015/03/13 10:50 p.m.17 views

Vimeo: Post in private groups after getting removed

Steps to reproduce: 1. A uservictim have a private video and he have added it on his private groups. Now the group members can see it and comment to it. 2. The attacker is on the group and he adds a new comment and capture the request using burp proxy. 3. Then the attacker is removed from the gro...

1AI score
Exploits0
hackerone
hackerone
added 2015/03/10 10:32 a.m.11 views

Vimeo: A user can add videos to other user's private groups

It is possible for a user to add videos to other user's private groups. Steps to verify: 1. Log into vimeo.com as Alice. Create a new group lets say, AlicePrivateGroup with group id 301924 and choose 'Only members can see this group' setting. 2. Login as Bob and create a new group lets say,...

0.5AI score
Exploits0
ubuntucve
ubuntucve
added 2012/11/16 12:24 p.m.27 views

CVE-2012-4198

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover privat...

4CVSS5.9AI score0.00874EPSS
Exploits1References3
ubuntucve
ubuntucve
added 2011/08/09 7:55 p.m.24 views

CVE-2011-2380

Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during 1 bug creation or 2 bug editing...

5CVSS5.9AI score0.01766EPSS
Exploits0References1
Rows per page
Query Builder