158 matches found
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2020-59063)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An unspecified vulnerability exists in the Server: Security: LDAP Auth component of Oracle MySQL Server 5.7.31, 8.0.21 and earlier versions. An...
UBUNTU-CVE-2020-14827
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromis...
IBM QRadar SIEM Spoofing Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A spoofing...
Trend Micro Deep Security Manager LDAP Authentication Bypass Vulnerability
Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers.Deep Security Manager is a centralized web management console that allows administrators to configure security policies and deploy protection for implementation components. An LDAP authentication...
IBM Spectrum Virtualize Elevation of Privilege Vulnerability
IBM Spectrum Virtualize is a software-only storage product that supports software-defined storage to manage and protect massive amounts of data. An elevation of privilege vulnerability exists in IBM Spectrum Virtualize 8.3.1. A remote user authenticated via LDAP can exploit this vulnerability to...
Unspecified Vulnerability in OpenVPN Access Server
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for virtual private networks VPNs that use the OpenSSL library to encrypt data and control information.OpenVPN Access Server is a commercial paid version of OpenVPN. A security vulnerability exists in...
Desktop Studio Error: "Can't Get License Info"
The license server can be registered with XenDesktop either when XenDesktop is configured, or through the Change license server action on the Licensing node in Desktop Studio. When the administrator specifies the address of the license server, Desktop Studio attempts to discover the License...
Old Printer Vulnerabilities Die Hard
Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers. Just this past summer researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fa...
Ivanti Avalanche Information Disclosure Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions 5.3 and 6.2. The vulnerability can be exploited by a...
CVE-2018-8901
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...
CVE-2017-16858
The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...
CVE-2017-16858
The CVE-2017-16858 issue affects Atlassian Crowd’s crowd-application plugin (used by Google Apps) where versions 1.5.0–3.1.1 allow impersonation of a Crowd user in REST requests by authenticating to a directory bound to an application. In the described scenario, if Crowd is bound to directory 1 w...
CVE-2017-14385
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual...
CVE-2017-16731
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse Select. A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by...
PT-2017-14535 · Abb · Ellipse
Name of the Vulnerable Software and Affected Versions: ABB Ellipse versions 8.3 through 8.9 Description: An issue with unprotected transport of credentials was found in the authentication of Ellipse to LDAP/AD using the LDAP protocol. This allows an attacker to exploit the issue by sniffing local...
Description of the security update for Outlook 2016: September 12, 2017
Description of the security update for Outlook 2016: September 12, 2017 Summary There is a Microsoft Office update for defense-in-depth updates to help improve security-related features. To learn more about the vulnerability, see Microsoft advisory ADV170015. Note To apply this security update, y...
The vulnerability of the UserFW component of the Junos operating system, which allows a hacker to gain access to the device
The vulnerability of the UserFW component used to facilitate easy implementation of user profiles through existing firewall policies in the Junos operating system exists due to the rigid encoding of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely...
Palo Alto Networks PAN-OS LDAP Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized...