129 matches found

Cvelist
added 2024/10/21 12:14 p.m. · 14 views

CVE-2024-47729 drm/xe: Use reserved copy engine for user binds on faulting devices

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices. User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...

EPSS: 0.00204 · Exploits: 0 · References: 2
Vulnrichment
added 2024/10/21 12:14 p.m. · 8 views

CVE-2024-47729 drm/xe: Use reserved copy engine for user binds on faulting devices

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices. User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...

AI score: 7 · EPSS: 0.00204 · Exploits: 0 · References: 2
Debian CVE
added 2024/10/21 12:14 p.m. · 8 views

CVE-2024-47729

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices. User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...

CVSS: 5.5 · AI score: 5.4 · EPSS: 0.00204 · Exploits: 0
OSV
added 2024/10/21 12:14 p.m. · 7 views

CVE-2024-47729 drm/xe: Use reserved copy engine for user binds on faulting devices

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices. User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...

CVSS: 5.5 · AI score: 6.1 · EPSS: 0.00204 · Exploits: 0 · References: 5
Positive Technologies
added 2024/05/27 12:0 a.m. · 2 views

PT-2024-26893 · Dbt-Core · Dbt-Core

Name of the Vulnerable Software and Affected Versions: dbt-core versions prior to 1.6.15; dbt-core versions prior to 1.7.15; dbt-core versions prior to 1.8.1. Description: The issue arises from binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::), which exposes the application on all network interfaces,...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.0071 · Exploits: 0 · References: 16
SUSE CVE
added 2023/02/15 6:2 a.m. · 2 views

SUSE CVE-2009-3231

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password...

CVSS: 6.8 · AI score: 7.3 · EPSS: 0.07568 · Exploits: 0 · References: 6
SUSE CVE
added 2023/02/15 4:9 a.m. · 2 views

SUSE CVE-2019-14511

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.02042 · Exploits: 1 · References: 4
OSV
added 2022/05/13 1:1 a.m. · 60 views

GHSA-GV9V-C375-HVMG Improper Authentication in Spring Security

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...

CVSS: 7.3 · AI score: 7.1 · EPSS: 0.01209 · Exploits: 0 · References: 7
Github Security Blog
added 2022/05/13 1:1 a.m. · 22 views

Improper Authentication in Spring Security

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.01209 · Exploits: 0 · References: 8 · Affected Software: 1
Tenable Nessus
added 2021/01/15 12:0 a.m. · 43 views

SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2021:0129-1)

This update for openldap2 fixes the following issues: Security issues fixed: CVE-2020-25709: Fixed a crash caused by specially crafted network traffic bsc1178909. CVE-2020-25710: Fixed a crash caused by specially crafted network traffic bsc1178909. Non-security issue fixed: Retry binds in the...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.02858 · Exploits: 0 · References: 7
OSV
added 2020/11/06 5:35 p.m. · 18 views

GHSA-5HMM-X8Q8-W5JH LDAP authentication bypass with empty password

Impact: Users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated binds, e.g. default on Active Directory, are affected. Patch...

CVSS: 9.3 · AI score: 9.8 · EPSS: 0.65341 · Exploits: 0 · References: 9
Github Security Blog
added 2020/11/06 5:35 p.m. · 51 views

LDAP authentication bypass with empty password

Impact: Users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated binds, e.g. default on Active Directory, are affected. Patch...

CVSS: 9.8 · AI score: 2.2 · EPSS: 0.65341 · Exploits: 0 · References: 9 · Affected Software: 1
Positive Technologies
added 2020/11/04 12:0 a.m. · 5 views

PT-2020-15530 · Jenkins · Jenkins Active Directory Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions 2.19 and earlier. Description: The issue allows attackers to log in to Jenkins as any user by providing an empty password, depending on the configuration of the Active Directory server. This is possible...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.01652 · Exploits: 0 · References: 8
RedHat Linux
added 2020/10/01 11:38 a.m. · 3 views

activemq: LDAP authentication bypass with anonymous bind

A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider (zero length DN/password) and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.11239 · Exploits: 0 · References: 4
RedHat Linux
added 2019/11/26 2:12 p.m. · 70 views

Important: Red Hat Security Advisory: 389-ds-base security and bug fix update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.013 · Exploits: 0 · References: 7
OSV
added 2019/08/22 1:15 p.m. · 0 views

UBUNTU-CVE-2019-14511

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only...

CVSS: 7.5 · AI score: 5.8 · EPSS: 0.02042 · Exploits: 1 · References: 4
OSV
added 2019/06/26 3:15 p.m. · 1 views

UBUNTU-CVE-2019-3569

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versio...

CVSS: 7.5 · AI score: 5.8 · EPSS: 0.01489 · Exploits: 0 · References: 3
Prion
added 2017/05/25 5:29 p.m. · 17 views

Design/Logic Flaw

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.01209 · Exploits: 0 · References: 2 · Affected Software: 1
UbuntuCve
added 2017/05/25 5:29 p.m. · 33 views

CVE-2014-0097

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.01209 · Exploits: 0 · References: 2
NVD
added 2017/05/25 5:29 p.m. · 15 views

CVE-2014-0097

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.01209 · Exploits: 0 · References: 2