8 matches found
InvenTree 安全漏洞
InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.6 contained security vulnerabilities. These vulnerabilities stemmed from the batch operation API...
ipa: Batch API logging user passwords to /var/log/httpd/error_log
A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party...
RHEL 8 : idm:DL1 (RHSA-2020:1269)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1269 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...
Scientific Linux Security Update : ipa on SL7.x x86_64 (20200205)
Security Fixes : - ipa: Denial of service in IPA server due to wrong use of berscanf CVE-2019-14867 - ipa: Batch API logging user passwords to /var/log/httpd/errorlog CVE-2019-10195 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description...
ipa: Batch API logging user passwords to /var/log/httpd/error_log
A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party...
Important: Red Hat Security Advisory: ipa security and bug fix update
An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
ipa: Batch API logging user passwords to /var/log/httpd/error_log
A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party...
EntityBulkDelete - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-089
EntityBulkDelete module allows you to delete entities in bulk using the Batch API. The module doesn't sufficiently sanitize user supplied text in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must be...