Lucene search
K

158 matches found

Microsoft CVE
Microsoft CVE
added 2020/10/27 7:0 a.m.2 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

...

8CVSS7AI score0.01184EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/27 7:0 a.m.4 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

6.8CVSS7AI score0.0178EPSS
Exploits0
CNVD
CNVD
added 2020/10/26 12:0 a.m.3 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2020-59063)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An unspecified vulnerability exists in the Server: Security: LDAP Auth component of Oracle MySQL Server 5.7.31, 8.0.21 and earlier versions. An...

6.8CVSS7.7AI score0.0178EPSS
Exploits0References1
OSV
OSV
added 2020/10/21 3:15 p.m.2 views

UBUNTU-CVE-2020-14827

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromis...

6.5CVSS6.7AI score0.01562EPSS
Exploits0References4
CNVD
CNVD
added 2020/10/10 12:0 a.m.3 views

IBM QRadar SIEM Spoofing Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A spoofing...

7.5CVSS6.5AI score0.02084EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/28 12:0 a.m.2 views

Trend Micro Deep Security Manager LDAP Authentication Bypass Vulnerability

Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers.Deep Security Manager is a centralized web management console that allows administrators to configure security policies and deploy protection for implementation components. An LDAP authentication...

8.1CVSS7.1AI score0.02757EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/18 12:0 a.m.4 views

IBM Spectrum Virtualize Elevation of Privilege Vulnerability

IBM Spectrum Virtualize is a software-only storage product that supports software-defined storage to manage and protect massive amounts of data. An elevation of privilege vulnerability exists in IBM Spectrum Virtualize 8.3.1. A remote user authenticated via LDAP can exploit this vulnerability to...

8.1CVSS7.1AI score0.01578EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/14 12:0 a.m.4 views

Unspecified Vulnerability in OpenVPN Access Server

OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for virtual private networks VPNs that use the OpenSSL library to encrypt data and control information.OpenVPN Access Server is a commercial paid version of OpenVPN. A security vulnerability exists in...

9.8CVSS6.7AI score0.01336EPSS
Exploits0References1
Citrix
Citrix
added 2019/12/30 12:0 a.m.8 views

Desktop Studio Error: "Can't Get License Info"

The license server can be registered with XenDesktop either when XenDesktop is configured, or through the Change license server action on the Licensing node in Desktop Studio. When the administrator specifies the address of the license server, Desktop Studio attempts to discover the License...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2018/11/23 2:0 p.m.51 views

Old Printer Vulnerabilities Die Hard

Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers. Just this past summer researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fa...

9.3CVSS9.2AI score0.12227EPSS
Exploits1References2
CNVD
CNVD
added 2018/07/02 12:0 a.m.2 views

Ivanti Avalanche Information Disclosure Vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions 5.3 and 6.2. The vulnerability can be exploited by a...

7.8CVSS7.8AI score0.00661EPSS
Exploits0References1
OSV
OSV
added 2018/06/29 3:29 p.m.3 views

CVE-2018-8901

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...

7.8CVSS5.8AI score0.00661EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/01/31 2:0 p.m.22 views

CVE-2017-16858

The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...

6.5AI score0.00566EPSS
Exploits0References1
CVE
CVE
added 2018/01/31 2:0 p.m.59 views

CVE-2017-16858

The CVE-2017-16858 issue affects Atlassian Crowd’s crowd-application plugin (used by Google Apps) where versions 1.5.0–3.1.1 allow impersonation of a Crowd user in REST requests by authenticating to a directory bound to an application. In the described scenario, if Crowd is bound to directory 1 w...

6.8CVSS6.5AI score0.00566EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/12/20 11:29 p.m.19 views

CVE-2017-14385

An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual...

7.5CVSS8AI score0.05016EPSS
Exploits0References3
OSV
OSV
added 2017/12/20 7:29 p.m.3 views

CVE-2017-16731

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse Select. A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by...

8.8CVSS5.8AI score0.0072EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/12/20 12:0 a.m.6 views

PT-2017-14535 · Abb · Ellipse

Name of the Vulnerable Software and Affected Versions: ABB Ellipse versions 8.3 through 8.9 Description: An issue with unprotected transport of credentials was found in the authentication of Ellipse to LDAP/AD using the LDAP protocol. This allows an attacker to exploit the issue by sniffing local...

8.8CVSS8.6AI score0.0072EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2017/09/12 7:0 a.m.46 views

Description of the security update for Outlook 2016: September 12, 2017

Description of the security update for Outlook 2016: September 12, 2017 Summary There is a Microsoft Office update for defense-in-depth updates to help improve security-related features. To learn more about the vulnerability, see Microsoft advisory ADV170015. Note To apply this security update, y...

6.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/08/03 12:0 a.m.8 views

The vulnerability of the UserFW component of the Junos operating system, which allows a hacker to gain access to the device

The vulnerability of the UserFW component used to facilitate easy implementation of user profiles through existing firewall policies in the Junos operating system exists due to the rigid encoding of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely...

10CVSS7.8AI score0.02697EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/07/30 12:0 a.m.1 views

Palo Alto Networks PAN-OS LDAP Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized...

7.1AI score
Exploits0References1
Rows per page
Query Builder