CVE-2024-5213

CVE-2024-5213 affects mintplex-labs/anything-llm ≤ 1.5.3. The issue arises because the frontend response to login (/api/request-token) and user creation (/api/admin/users/new) includes the entire User object, which contains the bcrypt password hash. This causes exposure of sensitive information e...

PT-2024-35125 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions up to and including 1.5.3 Description: An issue was discovered where the password hash of a user is returned in the response after login "POST /api/request-token" and after account creations "POST...

AnythingLLM Security Vulnerability

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in Mintplex Labs AnythingLLM versions 1.5.3 and earlier, which stems from the fact that the entire User object including the bcrypt password hash is included in the response sent to the front-end, ...

DEBIAN-CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...

UBUNTU-CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...

RLSA-2024:3754 Important: ipa security update

Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: delegation rules allow a proxy service to impersonate any user to...

SUSE CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...

Rocky Linux 9 : ipa (RLSA-2024:3754)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3754 advisory. freeipa: delegation rules allow a proxy service to impersonate any user to access another target service CVE-2024-2698 freeipa: user can obtain a hash o...

389-ds-base Security Vulnerability

389-ds-base is a highly available, fully featured, reliable and secure LDAP server implementation. It handles many of the largest LDAP deployments in the world. A security vulnerability exists in 389-ds-base that stems from allowing an authenticated user to use a hashed password containing a...

VulnCheck KEV: CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

CVE-2024-23111

CVE-2024-23111 is an XSS vulnerability in FortiOS (7.4.3 and older; 7.2 and 7.0 all versions) and FortiProxy (7.4.2 and older; 7.2 and 7.0 all versions) where the reboot page improperly neutralizes input, allowing a remote attacker with super-admin access to run JavaScript via crafted HTTP GET re...

Sensitive Information Disclosure

jupyterserver is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper path validation, which allows unauthenticated attackers to leak the NTLMv2 password hash of the Windows user running the server...

PT-2024-4152 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.4 FortiOS version 7.2 and earlier FortiOS version 7.0 and earlier FortiOS version 6.4 and earlier FortiProxy versions prior to 7.4.3 FortiProxy version 7.2 and earlier FortiProxy version 7.0 and earlier FortiProx...