Lucene search
K

157 matches found

CNNVD
CNNVD
added 2023/07/31 12:0 a.m.19 views

HashiCorp Vault 安全漏洞

HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Vault versions prior to 1.14.1, 1.13.5 and 1.13.5, which stems from the fact that HashiCorp's Vault and Vault Enterprise are vulnerable to a user...

5.3CVSS6.3AI score0.00613EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/31 4:3 p.m.5 views

pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7CVSS5.7AI score0.00227EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-2054

A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper...

7.5CVSS7.2AI score0.00858EPSS
Exploits0References3
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.6 views

JSA10413 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - Security Bundle - Authentication & Authorization Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Authentication & Authorization vulnerability found and fixed through a combination of internal and external proactive security testing: - When using NTLMv1 or NTLMv2 authentication...

7.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/01/25 12:0 a.m.6 views

The vulnerability of the implementation of the LDAP authentication process mechanism in the Zoho ManageEngine ServiceDesk Plus system allows a perpetrator to escalate their privileges.

The vulnerability of the LDAP authentication process implementation in Zoho ManageEngine ServiceDesk Plus is related to deficiencies in the authentication procedures. Exploiting this vulnerability can allow attackers to increase their privileges remotely...

10CVSS7.7AI score0.02448EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/01/24 10:19 a.m.4 views

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...

8.8CVSS7.2AI score0.0095EPSS
Exploits1References4
OSV
OSV
added 2023/01/20 5:15 p.m.6 views

CVE-2023-22964

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled...

9.1CVSS7.3AI score0.02448EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/10/24 7:29 a.m.5 views

pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7CVSS5.7AI score0.00227EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/14 3:15 p.m.3 views

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7CVSS5.8AI score0.00227EPSS
Exploits0References5
OSV
OSV
added 2022/07/14 3:15 p.m.5 views

DEBIAN-CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7CVSS6.1AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2021/12/06 6:15 p.m.2 views

UBUNTU-CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

9.8CVSS5.8AI score0.01068EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.5 views

Thunderdome 注入漏洞

Thunderdome is an open source agile planning poker application with an interesting theme by Steven Weathers, an individual developer in the U.S. An injection vulnerability exists in Thunderdome, which stems from the LDAP authentication feature not properly escaping the provided username, and no...

9.8CVSS5.6AI score0.01467EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/11/02 12:0 a.m.6 views

PT-2021-23204 · Unknown · Thunderdome

Name of the Vulnerable Software and Affected Versions: Thunderdome versions prior to 1.16.3 Description: The issue is related to an LDAP injection vulnerability that affects instances with LDAP authentication enabled. The provided username is not properly escaped, allowing for potential...

9.8CVSS7.3AI score0.01467EPSS
Exploits0References8
Citrix
Citrix
added 2021/01/08 12:0 a.m.13 views

Hotfix XS82E002 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart the XAPI Toolstack Content live patchable| No Baselines for Live Patch| N/A Revision History|...

7.2AI score
Exploits0
CNVD
CNVD
added 2021/01/04 12:0 a.m.3 views

parse-server encryption issue vulnerability

parse-server is an open source Backend-as-a-Service BaaS framework , it is mainly used for application back-end processing . A security vulnerability exists in Parse Server versions prior to 4.5.0 that stems from LDAP authentication involving user passwords stored in plaintext. No details of the...

7.7CVSS6.9AI score0.00796EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/12/08 8:55 a.m.2 views

activemq: LDAP authentication bypass with anonymous bind

A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider zero length DN/password and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...

7.5CVSS7.3AI score0.11239EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/11/26 12:0 a.m.4 views

Vulnerability of the Server component: Security: LDAP Auth of the MySQL Server database management system, which allows attackers to cause service interruptions.

The vulnerability of the Server component’s Security: LDAP Auth module of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

3.5CVSS6.4AI score0.01278EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/11/12 12:0 a.m.3 views

Vulnerability of the Server component: Security: LDAP Auth of the MySQL Server database management system, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the Server component’s Security: LDAP Auth component of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected informati...

6.8CVSS6.8AI score0.01562EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/11/10 12:0 a.m.4 views

Vulnerability of the Server component: Security: LDAP Authentication of the MySQL Server database management system, allowing attackers to gain full control over the application

The vulnerability of the Server component’s Security: LDAP Auth component of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application using th...

8CVSS6.9AI score0.01184EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2020/10/27 7:0 a.m.3 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

6.8CVSS7AI score0.0178EPSS
Exploits0
Rows per page
Query Builder