Lucene search
K

29 matches found

OSV
OSV
added 2022/06/27 9:15 p.m.2 views

DEBIAN-CVE-2022-31088

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed ...

5.3CVSS6.3AI score0.01201EPSS
Exploits0References1
Prion
Prion
added 2022/06/14 8:15 a.m.20 views

Remote code execution

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

7.5CVSS9.5AI score0.04737EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/01/11 8:42 p.m.5 views

USN-5222-1 apache-log4j2 vulnerabilities

It was discovered that Apache Log4j 2 was vulnerable to remote code execution RCE attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. CVE-2021-44832 Hideki Okamoto and Guy...

8.5CVSS6.8AI score0.99999EPSS
Exploits22References3
OSV
OSV
added 2021/12/28 8:15 p.m.41 views

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

6.6CVSS7.1AI score
Exploits0References12
Vulnrichment
Vulnrichment
added 2021/12/28 7:35 p.m.9 views

CVE-2021-44832 Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

7.8AI score0.97906EPSS
Exploits9References12
Debian CVE
Debian CVE
added 2021/12/28 7:35 p.m.45 views

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

8.5CVSS8.8AI score0.97906EPSS
Exploits9
Positive Technologies
Positive Technologies
added 2019/07/01 12:0 a.m.6 views

PT-2019-17021 · Ibm +1 · Ibm Robotic Process Automation +1

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation with Automation Anywhere version 11 Description: The issue allows a remote authenticated attacker to conduct an LDAP injection by using a specially crafted request. This could enable the attacker to make...

6.4CVSS5.9AI score0.01058EPSS
Exploits0References3
OSV
OSV
added 2007/04/03 12:19 a.m.2 views

DEBIAN-CVE-2007-1840

lib/modules.inc in LDAP Account Manager LAM before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting XSS...

4.3CVSS6.3AI score0.01321EPSS
Exploits0References1
OSV
OSV
added 2005/08/12 4:0 a.m.2 views

DEBIAN-CVE-2005-2549

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 full vCard data, 2 contact data from remote LDAP servers, or 3 task list data from remote servers...

7.5CVSS7.7AI score0.04426EPSS
Exploits0References1
Rows per page
Query Builder