Lucene search
+L

208 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0273

sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service application crash via a crafted packet...

5CVSS6.7AI score0.02601EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:23 a.m.6 views

SUSE CVE-2018-16883

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...

5.5CVSS6.1AI score0.00382EPSS
Exploits0References3
NVD
NVD
added 2023/01/26 9:18 p.m.22 views

CVE-2023-0284

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

8.1CVSS7.3AI score0.00921EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.17 views

CVE-2023-0284

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

8.1CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.21 views

Input validation

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

5.5CVSS8AI score0.00921EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/24 12:3 p.m.9 views

CVE-2023-0284 Improper validation of LDAP user IDs

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

6.8CVSS8AI score0.00921EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/24 12:3 p.m.24 views

CVE-2023-0284 Improper validation of LDAP user IDs

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

6.8CVSS8.2AI score0.00921EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.5 views

PT-2023-16142 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 and earlier Checkmk versions 2.0.0 through 2.0.0p32 Checkmk versions 2.1.0 through 2.1.0p19 Description: The issue is related to improper input validation of LDAP user IDs, allowing attackers who can control these IDs t...

8.1CVSS7.2AI score0.00921EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/16 9:47 p.m.36 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to cross tenant disclosure of user ids (CVE-2022-30607)

Summary IBM Robotic Process Automation is vulnerable to cross tenant disclosure of user ids CVE-2022-30607 Vulnerability Details CVEID: CVE-2022-30607 DESCRIPTION: IBM Robotic Process Automation contains a vulnerability that could allow a user to obtain sensitive information due to information...

6.5CVSS1.1AI score0.00702EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/05/09 5:55 a.m.10 views

USN-5244-2 dbus vulnerability

USN-5244-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same...

7.8CVSS5.8AI score0.00331EPSS
Exploits0References2
OSV
OSV
added 2021/12/20 10:28 a.m.9 views

OPENSUSE-SU-2021:1602-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: CVE-2021-41179: Fix boo1192028 - CWE-304: Two-Factor Authentication not enforced for pages marked as public CVE-2021-41178: Fix boo1192030 - CWE-434: File Traversal affecting SVG files on Nextcloud Serv...

8.8CVSS7AI score0.01727EPSS
Exploits0References7
NVD
NVD
added 2021/06/01 8:15 p.m.51 views

CVE-2021-32653

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...

4CVSS0.01205EPSS
Exploits0References3
OSV
OSV
added 2021/06/01 8:15 p.m.22 views

CVE-2021-32653

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...

2.7CVSS6.6AI score
Exploits0References3
Prion
Prion
added 2021/06/01 8:15 p.m.16 views

Code injection

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...

4CVSS4.1AI score0.01205EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
added 2021/06/01 6:11 p.m.53 views

Default settings leak federated cloud ID to lookup server of all users

None...

4CVSS4.4AI score0.01205EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/06/01 12:0 a.m.5 views

PT-2021-19831 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue affects Nextcloud Server, a package handling data storage. It sends user IDs to the lookup...

10CVSS5.8AI score0.02604EPSS
Exploits2References39
OSV
OSV
added 2021/04/13 12:0 a.m.10 views

UBUNTU-CVE-2021-23992

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbi...

4.3CVSS6.1AI score0.0048EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2021/01/26 11:0 a.m.114 views

TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks

A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users’ phone numbers, unique user IDs and other data ripe for phishing attacks. TikTok, owned by ByteDance, has more than 800 million active users worldwide. The vulnerability,...

7AI score
Exploits0References6
Prion
Prion
added 2021/01/07 9:15 p.m.23 views

Design/Logic Flaw

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

7.5CVSS9.3AI score0.0168EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2020/12/01 11:5 p.m.20 views

U.S. Dept Of Defense: IDOR on https://██████ via POST UID enables database scraping

Summary: The UID parameter on █████████ in the ██████ ███████ system, with ███████, does not validate that the caller has permission to view information on the UID entered, thereby enabling personnel and student data extraction. Description: The user operations API endpoint for the ███ ██████████...

0.4AI score
Exploits0
Rows per page
Query Builder