1390 matches found
UBUNTU-CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2025-24305
CVE-2025-24305 concerns insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware on some Intel Xeon processors, potentially allowing privilege escalation via local access. Connected sources consistently reference Intel microcode updates as the remediation path. De...
Linux Distros Unpatched Vulnerability : CVE-2019-9810
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerabilit...
Linux Distros Unpatched Vulnerability : CVE-2025-38216
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816...
SUSE CVE-2025-54998
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
SUSE CVE-2025-55001
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...
GO-2025-3859 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao
OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
[SECURITY] Fedora 42 Update: clash-meta-1.19.12-1.fc42
A rule based network proxy tool, also be known as mihomo...
CVE-2025-54998
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
CVE-2025-55001
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...
The vulnerability of the LDAP protocol implementation in HashiCorp’s Vault and Vault Enterprise archiving platforms allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the LDAP protocol implementation in HashiCorp Vault and Vault Enterprise, a platform for archiving corporate information, is related to the improper handling of gaps when processing the usernameasalias parameter. Exploiting this vulnerability can allow an attacker to bypass...
CVE-2025-55001
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...
CVE-2025-55001
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force via the authentication process in the Userpass or LDAP systems. An attacker can circumvent intended user lockout protections by exploiting differences in user entity alias attribution between pre-flight and full login...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the usernameasalias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the usernameasalias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...