62 matches found
Azure Linux 3.0 Security Update: samba (CVE-2022-32746)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-32746 advisory. - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message...
CVE-2024-34887
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...
CVE-2025-34270 Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other...
EUVD-2020-7268
Malware in sbrugna...
EUVD-2024-0563
Malicious code in bioql PyPI...
EUVD-2022-35812
Malicious code in bioql PyPI...
EUVD-2024-34599
Malicious code in bioql PyPI...
EUVD-2022-46929
Malicious code in bioql PyPI...
CVE-2024-23493
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...
CVE-2022-43959
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...
Alibaba Cloud Linux 3 : 0006: libldb (ALINUX3-SA-2023:0006)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0006 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-32746: A flaw was found in the Samba AD LD...
CVE-2020-15259
ad-ldap-connector's admin panel before version 5.0.13 does not provide CSRF protection, which, when exploited, may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to th...
BIT-MATTERMOST-2024-23493
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...
CVE-2024-34887
CVE-2024-34887 affects 1C-Bitrix Bitrix24 23.300.100. The issue is "insufficiently protected credentials" in AD/LDAP server settings, enabling remote administrators to exfiltrate AD/LDAP administrator passwords to an arbitrary server via HTTP POST. Public sources (Red Hat, CNNVD, CVE listings) de...
Exposure Of Sensitive Information To An Unauthorized Actor
Mattermost is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a lack of proper authorization checks in the /api/v4/groups//channels//link endpoint, allowing users to learn members of an AD/LDAP group linked to a team by adding the group to a...
CVE-2024-34029
Mattermost versions 9.5.x /channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team...
CVE-2024-34029 AD/LDAP Group Members Leak
Mattermost versions 9.5.x /channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team...
CVE-2024-34029
Mattermost suffers an authorization bypass in /api/v4/groups//channels//link, allowing a user to learn members of an AD/LDAP group linked to a team without having access to that team. Affected are Mattermost Server/Mattermost releases: 9.5.x up to 9.5.3, 9.7.x up to 9.7.1, and 8.1.x up to 8.1.12....