
15 matches found

IBM Security Bulletins
added 2026/05/21 7:39 p.m. · 9 views

Security Bulletin: Vault Terraform Provider Incorrect Defaults for LDAP Auth Method, Resulting in Insecure Configuration and Potential Authentication Bypass

Summary: Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in...

CVSS 9.8 · AI score 7 · EPSS 0.00018
Exploits 0 · Affected Software 1
SUSE CVE
added 2025/12/12 12:49 a.m. · 7 views

SUSE CVE-2025-13357

Vault's Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

CVSS 9.8 · AI score 7.1 · EPSS 0.00018
Exploits 0 · References 2
NVD
added 2025/12/10 5:15 p.m. · 1 views

CVE-2025-65792

DataGear v5.5.0 is vulnerable to Arbitrary File Deletion...

CVSS 9.1 · EPSS 0.00289
Exploits 1 · References 2
NVD
added 2025/11/21 3:15 p.m. · 3 views

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

CVSS 9.8 · EPSS 0.00018
Exploits 0 · References 1
Positive Technologies
added 2025/09/22 12:00 a.m. · 2 views

PT-2025-38843

Name of the Vulnerable Software and Affected Versions: Benjamin Pick Geolocation IP Detection versions through 5.5.0 Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) issue. This specific instance allo...

CVSS 6.5 · AI score 5.3 · EPSS 0.00032
Exploits 0 · References 3
Positive Technologies
added 2025/09/05 12:00 a.m. · 1 views

PT-2025-36397

Name of the Vulnerable Software and Affected Versions: internetarchive versions 5.5.0 and below Description: The internetarchive library contains a directory traversal vulnerability in the File.download method. The method does not properly sanitize user-supplied filenames or validate the final...

CVSS 9.4 · AI score 5.9 · EPSS 0.03849
Exploits 0 · References 21
IBM Security Bulletins
added 2025/08/27 2:39 a.m. · 2 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz. Vulnerability Details: CVEID: CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...

CVSS 8.7 · AI score 9.2 · EPSS 0.00218
Exploits 1 · Affected Software 1
OSV
added 2025/07/21 10:15 a.m. · 0 views

UBUNTU-CVE-2025-49656

Users with administrator access can create database files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...

CVSS 7.5 · AI score 5.7 · EPSS 0.01036
Exploits 0 · References 3
CNNVD
added 2023/02/16 12:00 a.m. · 2 views

Neo4j Code Issue Vulnerability

Neo4j is a Java-based, fully ACID-compatible graph database from the U.S. company Neo4j, which supports data migration, add-ons and more. A code issue vulnerability exists in Neo4j versions prior to 5.5.0 that stems from the presence of an XML External Entity (XXE) vulnerability, which can b...

CVSS 8.1 · AI score 7.7 · EPSS 0.00198
Exploits 0 · References 5
OSV
added 2023/02/08 11:15 a.m. · 0 views

CVE-2022-43765

B&R APROL versions R 4.2-07 doesn’t correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1
OSV
added 2022/07/12 7:15 p.m. · 2 views

CVE-2020-4159

IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339...

CVSS 7.5 · AI score 6.3
Exploits 0 · References 2
CNNVD
added 2022/07/12 12:00 a.m. · 2 views

IBM QRadar Network Security Trust Management Issue Vulnerability

IBM QRadar Network Security is a network security manager from IBM, USA, used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. IBM QRadar Network...

CVSS 7.5 · AI score 5.7 · EPSS 0.00072
Exploits 0 · References 5
Positive Technologies
added 2020/10/21 12:00 a.m. · 3 views

PT-2020-4568 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, 12.2.1.4.0 Description: The issue is related to insufficient input validation in the Installation component of Oracle Business Intelligence Enterprise Edition,...

CVSS 7.8 · AI score 8.9 · EPSS 0.94019
Exploits 2 · References 9
OSV
added 2019/09/10 6:15 p.m. · 0 views

CVE-2019-11497

In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 1
OSV
added 2018/12/14 12:29 a.m. · 1 views

CVE-2018-6707

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent MA 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism...

CVSS 7 · AI score 6.2
Exploits 0 · References 2