21 matches found
Astra Linux – Vulnerability in OpenVPN
OpenVPN 2.1 up to v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plugins when more than one of them uses deferred authentication responses. This allows an external user to be granted access with only partially correct credentials...
Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Background Nomad’s Dynamic Host Volumes feature allows the cluster admin t...
CVE-2025-68493 impact on Bamboo
h3. Issue Summary Impact of CVE-2025-68493 in Bamboo https://cwiki.apache.org/confluence/display/WW/S2-069 Parsing of XML configuration in XWork component does not validate XML in proper way and it's vulnerable to XML external entity XXE injection. h3. Steps to Reproduce ||Impact of...
CLSA-2025-1761082098 Fix CVE(s): CVE-2022-0547
SECURITY UPDATE: Authentication bypass in external authentication plug-ins with only partially correct credentials - debian/patches/CVE-2022-0547.patch: disallow multiple deferred authentication plug-ins - CVE-2022-0547 Update sample keys for testing - debian/sample-keys/ - debian/rules -...
EUVD-2022-46577
Malicious code in bioql PyPI...
Privileged Vault Operator May Execute Code on the Underlying Host
Summary A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. This vulnerability, identified as CVE-2025-6000, is fixed in Vault Community Edition 1.20.1 and...
CVE-2022-43581
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...
Security Bulletin: Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow embeds a version of IBM Content Navigator that is vulnerable to denial of service attacks and missing authorization. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer...
CVE-2022-43581
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...
CVE-2022-43581
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...
Authorization
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...
CVE-2022-43581 IBM Content Navigator code execution
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...
CVE-2022-43581
CVE-2022-43581 affects IBM Content Navigator versions 3.0.0 through 3.0.12, where missing authorization could allow an authenticated user to load external plugins and execute code. The issue is documented across IBM security bulletins and Red Hat advisories, with remediation guidance including ap...
CVE-2022-43581 IBM Content Navigator code execution
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...
PT-2022-26977 · Ibm · Ibm Content Navigator
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.0 through 3.0.12 Description: The issue is related to missing authorization, which could allow an authenticated user to load external plugins and execute code. Recommendations: For IBM Content Navigator...
ALPINE-CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
DEBIAN-CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
OPENSUSE-SU-2021:2971-1 Security update for ntfs-3g_ntfsprogs
This update for ntfs-3gntfsprogs fixes the following issues: Update to version 2021.8.22 bsc1189720: Fixed compile error when building with libfuse vs Allowed using the full library API on systems without extended attributes support Fixed DISABLEPLUGINS as the condition for not using plugins...