Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Github Security Blog
Github Security Blogadded 2019/01/17 1:56 p.m.52 views

Improper Input Validation in Apache Thrift

Apache Thrift Java client library versions 0.5.0 prior to 0.9.3-1 and 0.10.0 prior to 0.12.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in...

7.5CVSS3.8AI score0.00092EPSS
Exploits0References32Affected Software1
Cvelist
Cvelistadded 2019/01/07 6:0 p.m.26 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

7.4AI score0.00092EPSS
Exploits0References25
Debian CVE
Debian CVEadded 2019/01/07 6:0 p.m.25 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

7.5CVSS7AI score0.00092EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2019/01/04 5:50 p.m.27 views

Django vulnerable to XSS on 500 pages

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS6AI score0.09727EPSS
Exploits0References9Affected Software1
OSV
OSVadded 2017/09/07 1:29 p.m.17 views

CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS5.9AI score
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2017/09/07 1:29 p.m.3 views

CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS5.1AI score0.09727EPSS
Exploits0References8
FreeBSD
FreeBSDadded 2017/09/05 12:0 a.m.27 views

Django -- possible XSS in traceback section of technical 500 debug page

Django blog: In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...

6.1CVSS6.3AI score0.09727EPSS
Exploits0References1
Rows per page
Query Builder