Lucene search
K

14 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Firefox

A malicious extension with the “search” permission could have installed a new search engine, and the favicon of this engine referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing it to bypass the same-origin policy—even though the...

6.5CVSS6.9AI score0.00436EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-10906

Malware in sbrugna...

6.5CVSS7.8AI score0.00436EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.5 views

SUSE CVE-2019-14824

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

6.5CVSS6.6AI score0.013EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.5 views

SUSE CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

6.5CVSS8.3AI score0.00436EPSS
Exploits0References4
OSV
OSV
added 2021/03/31 2:15 p.m.4 views

CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

6.5CVSS7.3AI score0.00436EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/15 12:0 a.m.34 views

EulerOS 2.0 SP5 : 389-ds-base (EulerOS-SA-2020-2539)

According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An...

7.8CVSS6.9AI score0.06238EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/02/10 7:55 p.m.6 views

389-ds-base: Read permission check bypass via the deref plugin

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

6.5CVSS5.7AI score0.013EPSS
Exploits0References5
Prion
Prion
added 2019/11/08 3:15 p.m.26 views

Design/Logic Flaw

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

3.5CVSS6.2AI score0.013EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2019/11/08 3:15 p.m.9 views

UBUNTU-CVE-2019-14824

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

6.5CVSS6.7AI score0.013EPSS
Exploits0References4
CVE
CVE
added 2019/11/08 2:45 p.m.140 views

CVE-2019-14824

CVE-2019-14824 affects 389-ds-base and its deref plugin, enabling an authenticated attacker to disclose attribute values by abusing the search permission (e.g., password hashes). Public details across connected docs confirm the flaw and show patches across multiple distros: Debian (fixed in 1.3.3...

6.5CVSS6.2AI score0.013EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2019/11/08 2:45 p.m.34 views

CVE-2019-14824

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

6.5CVSS6.3AI score0.013EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/12/20 11:29 p.m.2 views

CVE-2017-17807

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the requestkey system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search...

3.3CVSS6.3AI score0.0042EPSS
Exploits0References25
OSV
OSV
added 2017/12/20 11:29 p.m.0 views

DEBIAN-CVE-2017-17807

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the requestkey system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search...

3.3CVSS7.6AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2014/10/06 2:55 p.m.18 views

CVE-2014-7870

Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to...

3.5CVSS5.3AI score0.00946EPSS
Exploits0References4
Rows per page
Query Builder