Lucene search
K

59 matches found

BDU FSTEC
BDU FSTEC
added 2022/01/25 12:0 a.m.10 views

The vulnerability of the UserAttributeSimilarityValidator component in the Django web development framework allows a attacker to perform a denial-of-service attack.

The vulnerability of the UserAttributeSimilarityValidator component in the Django web development framework is related to a resource management error. Exploiting this vulnerability could allow an attacker to perform a denial-of-service attack by sending a specially created password to the...

7.8CVSS7.1AI score0.02397EPSS
Exploits0References9Affected Software4
OSV
OSV
added 2022/01/05 12:15 a.m.1 views

PYSEC-2022-1

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user...

7.5CVSS7.1AI score0.02397EPSS
Exploits0References4
OSV
OSV
added 2022/01/04 10:0 a.m.5 views

UBUNTU-CVE-2021-45115

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user...

7.5CVSS7.1AI score0.02397EPSS
Exploits0References3
NVD
NVD
added 2020/06/19 7:15 p.m.27 views

CVE-2020-9495

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users...

5.3CVSS0.08004EPSS
Exploits1References6
Prion
Prion
added 2020/06/19 7:15 p.m.21 views

Code injection

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users...

5CVSS5.5AI score0.08004EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2019/12/10 11:15 p.m.22 views

Authentication flaw

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U MS-SFU Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos...

6.4CVSS5.2AI score0.02783EPSS
Exploits0References14Affected Software5
Atlassian
Atlassian
added 2018/06/06 11:12 p.m.556 views

User emails visible in page source

A customer reported that user emails are being included in the page source on issue pages. Even with email visibility set to "Hidden", the reporter and assignee emails are included in the page source. The email is in an attribute called data-user as part of a span tag. Example from this page:...

0.3AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.31 views

FreeBSD : shibboleth-sp -- vulnerable to forged user attribute data (3dbe9492-f7b8-11e7-a12d-6cc21735f730)

Shibboleth consortium reports : Shibboleth SP software vulnerable to forged user attribute data The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type...

6.5CVSS6.4AI score0.01518EPSS
Exploits2References3
Prion
Prion
added 2018/01/13 6:29 p.m.17 views

Information disclosure

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.4CVSS6.1AI score0.01518EPSS
Exploits2References5Affected Software2
Cvelist
Cvelist
added 2018/01/13 6:0 p.m.26 views

CVE-2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.1AI score0.01518EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2018/01/13 6:0 p.m.49 views

CVE-2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.5CVSS5.8AI score0.01518EPSS
Exploits2
CNVD
CNVD
added 2017/03/28 12:0 a.m.2 views

Novell eDirectory Remote Elevation of Privilege Vulnerability

Novell eDirectory is an identity management infrastructure platform that combines identity management architecture and directory services technology from Novell, USA. The platform provides authentication policies, data backup and recovery services, data disaster recovery and other functions. A...

7.5CVSS7.4AI score0.01244EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/03/26 3:50 p.m.33 views

Moderate: Red Hat Security Advisory: ipa and slapi-nis security and bug fix update

Updated ipa and slapi-nis packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

7.8CVSS6.8AI score0.03145EPSS
Exploits0References7
NVD
NVD
added 2014/04/10 11:55 p.m.24 views

CVE-2014-0908

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

6CVSS5.9AI score0.01055EPSS
Exploits1References3
Prion
Prion
added 2014/04/10 11:55 p.m.16 views

Authorization

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

6CVSS6.4AI score0.01055EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/04/10 11:0 p.m.33 views

CVE-2014-0908

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

5.9AI score0.01055EPSS
Exploits1References3
CVE
CVE
added 2014/04/10 11:0 p.m.60 views

CVE-2014-0908

IBM BPM's User Attribute feature (Standard/Express/Advanced) across 7.5.x, 8.0.x, 8.5.x does not enforce authorization for read/write of attribute values via REST, enabling remote authenticated users to read or modify attributes and affect email notifications or task assignments. Affected version...

6CVSS6.1AI score0.01055EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2012/12/19 11:55 a.m.12 views

CVE-2012-4848

Multiple cross-site scripting XSS vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the 1 First Name or 2 Last Name field...

3.5CVSS5.2AI score0.00759EPSS
Exploits0References2
securityvulns
securityvulns
added 2002/01/28 12:0 a.m.40 views

Несанкционированный доступ в OpenLDAP (unauthorized access)

Пользователь может удалить любой аттрибут...

2AI score
Exploits0Affected Software1
Rows per page
Query Builder