Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A bind authentication bypass vulnerability exists in Huawei HarmonyOS devicemanager, which can be exploited by an attacker to compromise confidentiality...

Security Bulletin: IBM Security Verify Bridge uses relatively weak cryptographic algorithms in two of its functions (CVE-2021-20441)

Summary In two instances, IBM Security Verify Bridge ISVB uses a relatively weak cryptographic algorithm. 1 If no transport layer security TLS preference is specified, ISVB defaults to TLS 1.0 which has known vulnerabilities. 2 When generating a random number during LDAP bind authentication, ISVB...

Remote Code Execution

activemq-broker is vulnerable to remote code execution. A regression that prevents JMX re-bind allows an attacker to execute arbitrary code by passing an empty environment map to MIConnectorServer instead of the map that contains the authentication credentials...

CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

Server: multiple memory leaks

Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service memory consumption via vectors involving 1 the authentication / bind phase and 2 anonymous LDAP search...