A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is.....
6.2 AI Score
0.001 EPSS
A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is.....
6.1 CVSS
6.8 AI Score
0.001 EPSS
An update is available for ipa. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized.....
7.2 AI Score
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) For...
6.8 AI Score
0.0004 EPSS
An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...
7.2 AI Score
[4.11.0-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-9] - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP...
6.2 AI Score
0.0004 EPSS
(RHSA-2024:2147) Moderate: ipa security update
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) For...
6.8 AI Score
0.0004 EPSS
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries...
6.4 AI Score
0.001 EPSS
ipa-healthcheck bug fix and enhancement update
An update is available for ipa-healthcheck. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
6.8 AI Score
A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper....
5.3 CVSS
7.2 AI Score
0.002 EPSS
A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been...
7.5 CVSS
7.4 AI Score
0.003 EPSS
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code...
9.4 AI Score
0.008 EPSS
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) For...
6.6 AI Score
0.0004 EPSS
DL1 bug fix and enhancement update
An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...
7.2 AI Score
RHEL 8 : ipa (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. ipa: Session not terminated after logout (CVE-2019-14826) Note that Nessus has not tested for this issue but has...
4.8 AI Score
RHEL 6 : ipa (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867) FreeIPA uses a...
7.4 AI Score
sssd security and bug fix update
[2.9.4-6.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] [2.9.4-6] - Resolves: RHEL-27209 - Race condition during authorization leads to GPO policies functioning inconsistently [rhel-9.4.0] [2.9.4-5] - Resolves: RHEL-28161 - Passkey cannot fall back to password [2.9.4-4] -...
7.5 AI Score
0.0004 EPSS
sssd security and bug fix update
An update is available for sssd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon (SSSD) service provides a set of daemons to....
7.8 AI Score
0.0004 EPSS
Moderate: sssd security and bug fix update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.4 AI Score
0.0004 EPSS
A vulnerability in the login_password component of the FreeIpa server is related to sending user requests, that can perform actions on behalf of the user. Exploitation of the vulnerability could allow an attacker acting remotely to cause a loss of system confidentiality and...
6.5 CVSS
6.6 AI Score
0.001 EPSS
(RHSA-2024:2571) Moderate: sssd security and bug fix update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.8 AI Score
0.0004 EPSS
Exploit for Code Injection in Cisco Adaptive Security Appliance Software
CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...
6 CVSS
7.5 AI Score
0.003 EPSS
Joomla! Component Cookex Agency CKForms - Local File Inclusion
A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to...
6.6 AI Score
0.005 EPSS
(RHSA-2024:1920) Moderate: sssd security update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.6 AI Score
0.0004 EPSS
(RHSA-2024:1921) Moderate: sssd security update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.6 AI Score
0.0004 EPSS
(RHSA-2024:1922) Moderate: sssd security update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.6 AI Score
0.0004 EPSS
(RHSA-2024:1919) Moderate: sssd security update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.6 AI Score
0.0004 EPSS
Issue Overview: A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. (CVE-2024-1481) Affected Packages: ipa Note: This...
7.4 AI Score
0.0004 EPSS
CVE-2024-26304-RCE-exploits Critical RCE Vulnerabilities in...
7.5 AI Score
0.0004 EPSS
japan-soil.net Improper Access Control vulnerability OBB-3858426
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2147 advisory. A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command...
5.2 AI Score
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0141 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.8 AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3936 advisory. jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) bootstrap: XSS in the data-target attribute...
7.9 AI Score
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...
8 AI Score
0.001 EPSS
ipa-india.org Cross Site Scripting vulnerability OBB-3860677
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0140 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.8 AI Score
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2026 advisory. slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480) Note that Nessus has not tested for this issue but has instead...
7.4 AI Score
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0142 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.8 AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0860 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023) Note that Nessus has not tested for this...
7.2 AI Score
Oracle Linux 9 : ipa (ELSA-2024-2147)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2147 advisory. A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to...
7 AI Score
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause...
7.3 AI Score
0.001 EPSS
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5195 advisory. samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719) Note that Nessus has not tested for this issue but...
7.8 AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0145 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.8 AI Score
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1533 advisory. FreeIPA: CSRF vulnerability (CVE-2011-3636) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.5 AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0378 advisory. ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195) ipa: Denial of service in IPA server due to wrong use...
7.9 AI Score
CVE-2023-5455 Ipa: invalid csrf protection
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...
6.4 AI Score
0.001 EPSS
Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. Vulnerability Details IBM X-Force ID: PSIRT-ADV0103951 ...
6.2 AI Score
japan-expo-paris.com Improper Access Control vulnerability OBB-3868400
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
RHEL 5 : ipa-client (RHSA-2013:0189)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0189 advisory. ipa: weakness when initiating join from IPA client can potentially compromise IPA domain (CVE-2012-5484) Note that Nessus has not tested for this...
8.6 AI Score
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....
6.9 AI Score
0.001 EPSS