Lucene search
204 matches found

Snyk
added 2022/09/20 8:12 a.m., 1 view

Malicious Package

Overview: gmx-arbitrum-referrals-staging is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

CVSS 9.8 | AI score 7.1
Exploits 0 | References 3
Hacker One
added 2022/08/13 4:22 p.m., 5 views

Insightly: CSRF vulnerability allows disabling Gmail contacts link for user referrals

The CSRF vulnerability allowed users to disable Gmail contacts link for user referrals. The vulnerable endpoint did not sufficiently verify that the requests were intentionally performed by the user, allowing an attacker to generate a PoC that could be used to disable the victim's linked account...

AI score 6.8
Exploits 0
OSV
added 2022/05/25 2:15 p.m., 1 view

CVE-2021-32966

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1
NVD
added 2022/05/25 2:15 p.m., 7 views

CVE-2021-32966

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

CVSS 7.5 | EPSS 0.00104
Exploits 0 | References 1
Cvelist
added 2022/05/25 1:29 p.m., 12 views

CVE-2021-32966 Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

CVSS 3.7 | AI score 7.5 | EPSS 0.00104
Exploits 0 | References 1
Vulnrichment
added 2022/05/25 1:29 p.m., 9 views

CVE-2021-32966 Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

CVSS 3.7 | AI score 6.4 | EPSS 0.00104
Exploits 0 | References 1
Hacker One
added 2022/01/21 3:9 p.m., 6 views

Shopify: Limited Privilege User Can Create Unauthorized Referrals on partners.shopify.com

A privilege escalation vulnerability was discovered in Shopify's Partner Portal that allowed users without "View referrals" permission to create POS leads by directly accessing the lead creation URL. The backend API lacked proper authorization checks, enabling users to bypass the implemented...

AI score 7.3
Exploits 0
OSV
added 2021/06/10 2:15 p.m., 2 views

CVE-2021-31929

Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals...

CVSS 4.3 | AI score 5.8 | EPSS 0.00152
Exploits 0 | References 2
Prion
added 2021/06/10 2:15 p.m., 14 views

Code injection

Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals...

CVSS 4 | AI score 4.6 | EPSS 0.00152
Exploits 0 | References 2 | Affected Software 1
CVE
added 2021/06/10 1:3 p.m., 35 views

CVE-2021-31929

The vulnerability CVE-2021-31929 affects Annex Cloud’s Loyalty Experience Platform before version 2021.1.0.1. An authenticated attacker can modify loyalty campaigns and settings (including fraud prevention, coupon groups, email templates, and referrals), indicating insufficient authorization cont...

CVSS 4.3 | AI score 4.5 | EPSS 0.00152
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/06/10 1:3 p.m., 18 views

CVE-2021-31929

Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals...

AI score 4.9 | EPSS 0.00152
Exploits 0 | References 2
OSV
added 2021/02/16 7:34 a.m., 4 views

ALBA-2021:0547 idm:DL1 bug fix and enhancement update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Bug Fixes and Enhancements: IPA WebUI inaccessible after upgrading to AlmaLinux 8.3.- idoverride-memberof.js missing...

AI score 7.1
Exploits 0 | References 1
Tenable Nessus
added 2020/12/09 12:0 a.m., 27 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Multiple Vulnerabilities (NS-SA-2020-0063)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by multiple vulnerabilities: - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in...

CVSS 8.6 | AI score 6.4 | EPSS 0.92629
Exploits 6 | References 6
IBM Security Bulletins
added 2020/11/10 11:19 a.m., 58 views

Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System

Summary: Redhat provided bind is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2020-8617. DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a logic error in code which checks TSIG...

CVSS 8.6 | AI score 1.4 | EPSS 0.92629
Exploits 6 | Affected Software 1
Tenable Nessus
added 2020/11/06 12:0 a.m., 48 views

EulerOS Virtualization 3.0.6.6 : bind (EulerOS-SA-2020-2444)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker...

CVSS 8.6 | AI score 6.8 | EPSS 0.92629
Exploits 6 | References 3
Microsoft CVE
added 2020/09/25 12:0 a.m., 1 view

pam_ldap and nss_ldap when used with OpenLDAP and connecting to a slave using TLS does not use TLS for the subsequent connection if the client is referred to a master which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.

...

CVSS 5 | AI score 7 | EPSS 0.02839
Exploits 0
Tenable Nessus
added 2020/08/24 12:0 a.m., 78 views

AIX 7.2 TL 3 : bind (IJ25926)

https://vulners.com/cve/CVE-2020-8616 ISC BIND is vulnerable to a denial of service, caused by the failure to limit the number of fetches performed when processing referrals. By using specially crafted referrals, a remote attacker could exploit this...

CVSS 8.6 | AI score 6.6 | EPSS 0.92629
Exploits 6 | References 3
IBM Security Bulletins
added 2020/08/21 9:43 p.m., 61 views

Security Bulletin: Vulnerabilities in BIND affect AIX (CVE-2020-8616 and CVE-2020-8617)

Summary: There are vulnerabilities in BIND that affect AIX. Vulnerability Details: CVEID: CVE-2020-8617. DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a logic error in code which checks TSIG validity. A remote attacker could exploit this vulnerability to trigger an assertion...

CVSS 8.6 | EPSS 0.92629
Exploits 6 | Affected Software 1
RedHat Linux
added 2020/08/18 4:30 p.m., 4 views

bind: BIND does not sufficiently limit the number of fetches performed when processing referrals

A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector...

CVSS 8.6 | AI score 6.7 | EPSS 0.1534
Exploits 1 | References 6
RedHat Linux
added 2020/08/18 9:29 a.m., 65 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact ...

CVSS 8.6 | AI score 6.7 | EPSS 0.92629
Exploits 6 | References 3