INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) Security Vulnerabilities

osv

CVE-2019-25156

A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is.....

6.2 AI Score

0.001 EPSS

2023-11-07 06:15 AM
3
cve

CVE-2019-25156

A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is.....

6.1 CVSS

6.8 AI Score

0.001 EPSS

2023-11-07 06:15 AM
8
rocky

ipa bug fix update

An update is available for ipa. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized.....

7.2 AI Score

2024-05-10 02:32 PM
2
almalinux

Moderate: ipa security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) For...

6.8 AI Score

0.0004 EPSS

2024-04-30 12:00 AM
2
rocky

DL1 bug fix update

An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...

7.2 AI Score

2024-05-06 01:04 PM
3
oraclelinux

ipa security update

[4.11.0-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-9] - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP...

6.2 AI Score

0.0004 EPSS

2024-05-03 12:00 AM
2
redhat

(RHSA-2024:2147) Moderate: ipa security update

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) For...

6.8 AI Score

0.0004 EPSS

2024-04-30 06:14 AM
4
ibm

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries...

6.4 AI Score

0.001 EPSS

2024-05-09 07:33 PM
9
rocky

ipa-healthcheck bug fix and enhancement update

An update is available for ipa-healthcheck. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

6.8 AI Score

2024-05-10 02:32 PM
1
cve

CVE-2024-1006

A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper....

5.3 CVSS

7.2 AI Score

0.002 EPSS

2024-01-29 04:15 PM
13
cve

CVE-2024-1005

A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been...

7.5 CVSS

7.4 AI Score

0.003 EPSS

2024-01-29 03:15 PM
14
cve

CVE-2006-3662

SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code...

9.4 AI Score

0.008 EPSS

2006-07-18 03:47 PM
25
osv

Moderate: ipa security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) For...

6.6 AI Score

0.0004 EPSS

2024-04-30 12:00 AM
1
rocky

DL1 bug fix and enhancement update

An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...

7.2 AI Score

2024-04-05 02:56 PM
3
nessus

RHEL 8 : ipa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. ipa: Session not terminated after logout (CVE-2019-14826) Note that Nessus has not tested for this issue but has...

4.8 AI Score

2024-05-11 12:00 AM
1
nessus

RHEL 6 : ipa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867) FreeIPA uses a...

7.4 AI Score

2024-05-11 12:00 AM
2
oraclelinux

sssd security and bug fix update

[2.9.4-6.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] [2.9.4-6] - Resolves: RHEL-27209 - Race condition during authorization leads to GPO policies functioning inconsistently [rhel-9.4.0] [2.9.4-5] - Resolves: RHEL-28161 - Passkey cannot fall back to password [2.9.4-4] -...

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
4
rocky

sssd security and bug fix update

An update is available for sssd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon (SSSD) service provides a set of daemons to....

7.8 AI Score

0.0004 EPSS

2024-05-10 02:32 PM
5
almalinux

Moderate: sssd security and bug fix update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.4 AI Score

0.0004 EPSS

2024-04-30 12:00 AM
5
redos

ROS-20240402-09

A vulnerability in the login_password component of the FreeIPA server is related to sending user requests that can perform actions on behalf of the user. Exploitation of the vulnerability could allow an attacker acting remotely to cause a loss of system confidentiality and...

6.5 CVSS

6.6 AI Score

0.001 EPSS

2024-04-02 12:00 AM
6
redhat

(RHSA-2024:2571) Moderate: sssd security and bug fix update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.8 AI Score

0.0004 EPSS

2024-04-30 11:38 AM
8
githubexploit

Exploit for Code Injection in Cisco Adaptive Security Appliance Software

CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...

6 CVSS

7.5 AI Score

0.003 EPSS

2024-05-04 10:40 AM
161
nuclei

Joomla! Component Cookex Agency CKForms - Local File Inclusion

A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to...

6.6 AI Score

0.005 EPSS

2021-08-21 12:06 AM
4
redhat

(RHSA-2024:1920) Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.6 AI Score

0.0004 EPSS

2024-04-18 10:42 AM
5
redhat

(RHSA-2024:1921) Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.6 AI Score

0.0004 EPSS

2024-04-18 10:42 AM
3
redhat

(RHSA-2024:1922) Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.6 AI Score

0.0004 EPSS

2024-04-18 10:43 AM
6
redhat

(RHSA-2024:1919) Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.6 AI Score

0.0004 EPSS

2024-04-18 10:42 AM
4
amazon

Medium: ipa

Issue Overview: A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. (CVE-2024-1481) Affected Packages: ipa Note: This...

7.4 AI Score

0.0004 EPSS

2024-03-13 08:26 PM
7
githubexploit

Exploit for CVE-2024-26304

CVE-2024-26304-RCE-exploits Critical RCE Vulnerabilities in...

7.5 AI Score

0.0004 EPSS

2024-05-04 10:09 AM
191
openbugbounty

japan-soil.net Improper Access Control vulnerability OBB-3858426

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7 AI Score

2024-02-25 10:09 AM
2
nessus

RHEL 9 : ipa (RHSA-2024:2147)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2147 advisory. A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command...

5.2 AI Score

2024-04-30 12:00 AM
nessus

RHEL 9 : ipa (RHSA-2024:0141)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0141 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...

6.8 AI Score

2024-01-10 12:00 AM
3
nessus

RHEL 7 : ipa (RHSA-2020:3936)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3936 advisory. jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) bootstrap: XSS in the data-target attribute...

7.9 AI Score

2020-11-19 12:00 AM
23
osv

CVE-2023-5455

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...

8 AI Score

0.001 EPSS

2024-01-10 01:15 PM
4
openbugbounty

ipa-india.org Cross Site Scripting vulnerability OBB-3860677

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-02-27 12:37 PM
1
nessus

RHEL 9 : ipa (RHSA-2024:0140)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0140 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...

6.8 AI Score

2024-01-10 12:00 AM
8
nessus

RHEL 8 : ipa (RHSA-2021:2026)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2026 advisory. slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480) Note that Nessus has not tested for this issue but has instead...

7.4 AI Score

2021-05-19 12:00 AM
9
nessus

RHEL 9 : ipa (RHSA-2024:0142)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0142 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...

6.8 AI Score

2024-01-10 12:00 AM
9
nessus

RHEL 7 : ipa (RHSA-2021:0860)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0860 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023) Note that Nessus has not tested for this...

7.2 AI Score

2021-03-17 12:00 AM
14
nessus

Oracle Linux 9 : ipa (ELSA-2024-2147)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2147 advisory. A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to...

7 AI Score

2024-05-06 12:00 AM
1
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause...

7.3 AI Score

0.001 EPSS

2024-05-10 06:32 PM
3
nessus

RHEL 7 : ipa (RHSA-2021:5195)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5195 advisory. samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719) Note that Nessus has not tested for this issue but...

7.8 AI Score

2021-12-17 12:00 AM
15
nessus

RHEL 7 : ipa (RHSA-2024:0145)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0145 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...

6.8 AI Score

2024-01-10 12:00 AM
5
nessus

RHEL 6 : ipa (RHSA-2011:1533)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1533 advisory. FreeIPA: CSRF vulnerability (CVE-2011-3636) Note that Nessus has not tested for this issue but has instead relied only on the application's...

6.5 AI Score

2011-12-06 12:00 AM
9
nessus

RHEL 7 : ipa (RHSA-2020:0378)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0378 advisory. ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195) ipa: Denial of service in IPA server due to wrong use...

7.9 AI Score

2020-02-05 12:00 AM
25
cvelist

CVE-2023-5455 Ipa: invalid csrf protection

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...

6.4 AI Score

0.001 EPSS

2024-01-10 12:33 PM
ibm

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details IBM X-Force ID: PSIRT-ADV0103951 ...

6.2 AI Score

2024-05-13 03:07 PM
2
openbugbounty

japan-expo-paris.com Improper Access Control vulnerability OBB-3868400

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7 AI Score

2024-03-09 11:26 AM
7
nessus

RHEL 5 : ipa-client (RHSA-2013:0189)

The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0189 advisory. ipa: weakness when initiating join from IPA client can potentially compromise IPA domain (CVE-2012-5484) Note that Nessus has not tested for this...

8.6 AI Score

2013-01-24 12:00 AM
16
ibm

Security Bulletin: Multiple vulnerabilities exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....

6.9 AI Score

0.001 EPSS

2024-05-13 11:52 AM
1
Total number of security vulnerabilities: 41373