Lucene search
K

205 matches found

RedhatCVE
RedhatCVE
added 2025/02/08 4:41 a.m.13 views

CVE-2025-24506

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types...

5.3CVSS7AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2025/01/30 7:15 p.m.35 views

CVE-2025-24506

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types...

5.3CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/30 6:39 p.m.32 views

CVE-2025-24506

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types...

5.3CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2025/01/30 6:39 p.m.52 views

CVE-2025-24506

Broadcom Symantec Privileged Access Management (PAM) is cited as affected by CVE-2025-24506. The connected PT-2025-5378 entry states: a specific authentication strategy allows learning the IDs of PAM users associated with certain authentication types, but it does not specify affected versions and...

5.3CVSS6.7AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2024/12/26 9:15 a.m.14 views

CVE-2024-56433

shadow-utils aka shadow 4.4 through 4.17.0 establishes a default /etc/subuid behavior e.g., uid 100000 through 165535 for the first user account that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...

3.6CVSS0.004EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.4 views

PT-2024-36816

Name of the Vulnerable Software and Affected Versions shadow-utils versions 4.4 through 4.17.0 Description The issue arises from the default /etc/subuid behavior established by shadow-utils, which can conflict with the uids of users defined on locally administered networks. This conflict can...

3.6CVSS7.2AI score0.004EPSS
Exploits0References21
Vulnrichment
Vulnrichment
added 2024/11/25 7:19 p.m.25 views

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

7.1CVSS6.7AI score0.00469EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/15 12:0 a.m.18 views

CVE-2024-50651

javashop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter...

6.4AI score0.0049EPSS
Exploits1References2
OSV
OSV
added 2024/10/10 4:43 p.m.5 views

GHSA-4GFW-WF7C-W6G2 Authd allows attacker-controlled usernames to yield controllable UIDs

CVE description: Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. ----- original report ----- Cause authd assigns user IDs as a pure function of the us...

7.5CVSS7.7AI score0.0028EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/10/10 4:43 p.m.10 views

Authd allows attacker-controlled usernames to yield controllable UIDs

CVE description: Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. ----- original report ----- Cause authd assigns user IDs as a pure function of the us...

7.5CVSS6.8AI score0.0028EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2024/10/01 9:8 a.m.7 views

Insecure Direct Object Reference (IDOR)

aimeos/ai-controller-frontend is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to a lack of proper access control and authorization checks, allowing attackers to manipulate object references like user IDs without verification...

5.3CVSS6.6AI score0.00485EPSS
Exploits0References12Affected Software1
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.4 views

PayPal,Credit Card and Debit Card Payment SQL注入漏洞

PayPal,Credit Card and Debit Card Payment is a PayPal, Credit Card and Debit Card Payment software by janobe individual developer. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...

9.8CVSS7.5AI score0.00454EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/15 2:13 p.m.16 views

CVE-2024-38495 Symantec Privileged Access Manager User Enumeration vulnerability

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database...

5.3CVSS6.6AI score0.00281EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/04/24 8:15 p.m.27 views

CVE-2024-32879

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...

4.9CVSS6.6AI score0.00581EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/24 7:42 p.m.22 views

CVE-2024-32879 social-auth-app-django Improper Handling of Case Sensitivity vulnerability

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...

4.9CVSS5.1AI score0.00581EPSS
Exploits0References3
Circl
Circl
added 2024/03/18 3:26 a.m.11 views

CVE-2023-52159

creationtimestamp| type| source ---|---|--- 2024-03-18 03:26:43+00:00| seen| https://t.me/ctinow/210132 2024-03-18 03:26:51+00:00| seen| https://t.me/ctinow/210137...

7.5CVSS7.3AI score0.01055EPSS
Exploits0References2
Circl
Circl
added 2024/03/05 10:26 p.m.5 views

CVE-2024-2179

creationtimestamp| type| source ---|---|--- 2024-03-05 22:26:26+00:00| seen| https://t.me/ctinow/200761 2024-03-05 22:32:16+00:00| seen| https://t.me/ctinow/200771...

4.8CVSS4.5AI score0.00309EPSS
Exploits0References2
Circl
Circl
added 2024/02/22 9:26 p.m.5 views

CVE-2024-1748

creationtimestamp| type| source ---|---|--- 2024-02-22 21:26:11+00:00| seen| https://t.me/ctinow/191182 2024-02-22 21:26:15+00:00| seen| https://t.me/ctinow/191186 2024-03-13 13:36:38+00:00| seen| https://t.me/ctinow/206670...

7.5CVSS5.7AI score0.00684EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.23 views

Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover

Description The plugin does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts. PoC 1. ADMIN: Install Formidable Pro plugin 2. ADMIN: Install...

6.6AI score0.00554EPSS
Exploits2Affected Software1
NVD
NVD
added 2024/02/12 8:15 p.m.35 views

CVE-2022-22506

IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293...

4.6CVSS4.5AI score0.0029EPSS
Exploits0References2
Rows per page
Query Builder