6775 matches found
DEBIAN-CVE-2024-52792
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions, LAM does not properly sanitize configuration values that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
UBUNTU-CVE-2024-52792
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions, LAM does not properly sanitize configuration values that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
CVE-2024-52792 Arbitrary config values override in lam
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions, LAM does not properly sanitize configuration values that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
CVE-2024-52792
LDAP Account Manager (LAM) is a PHP web frontend for managing entries in an LDAP directory. In affected versions, LAM does not sanitize configuration values set through mainmanage.php and confmain.php, allowing an attacker to smuggle arbitrary config values into config.cfg or serverprofile.conf b...
LDAP Account Manager security vulnerability
LDAP Account Manager (LAM) is an open-source web front-end for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. A security vulnerability exists in LDAP Account Manager versions prior to 9.0 that stems from incorrect input validation of...
CVE-2024-55951 Metabase sandboxed users could see filter values from other sandboxed users
Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There ar...
CVE-2024-55951
CVE-2024-55951 (Metabase) affects Metabase 1.52.x prior to 1.52.2.5, where sandboxed users could view field filter values from other sandboxed users. Root cause: sandbox isolation flaw in new sandboxing configurations created between 1.52.0 and 1.52.2.4. Impact: information disclosure within sand...
Metabase information disclosure vulnerability
Metabase is an open source data analytics platform from Metabase, Inc. in the United States. An information disclosure vulnerability exists in Metabase that stems from a sandbox user being able to see field filter values from other sandbox users...
quarkus-core: Leak of local configuration properties into Quarkus applications
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build; therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...
Sensitive Information Disclosure
Rancher Manager is vulnerable to sensitive information disclosure. The vulnerability is due to Helm values being stored directly in the Apps Custom Resource Definition and leaking into audit logs when the audit level is set to 2 or above, allowing users with GET access to read sensitive informati...
CVE-2024-47603
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps...
PT-2025-3029 · Apple · macOS Sonoma +3
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.7.2; macOS Sequoia versions prior to 15.2; macOS Ventura versions prior to 13.7.2. Description: A privacy issue was addressed with improved private data redaction for log entries. This issue may allow an app to...
PT-2024-41095 · Ооо 'Mсофт' · Mflash
A vulnerability in the MFlash secure data exchange platform is related to the lack of neutralization of elements for CSV files. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands...
CVE-2024-55565
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects: 1. in browser and non-secure, the code infinite loops on while size-- 2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled 3. if the...
Sensitive Data Exposure
org.keycloak, keycloak-quarkus-server is vulnerable to Sensitive Data Exposure. The vulnerability is due to the capture of sensitive runtime values, such as passwords, during the build process and their embedding as default values in bytecode, which allows an attacker to access sensitive data...