YugabyteDB Anywhere 安全漏洞

YugabyteDB Anywhere is a database offered by the American company YugabyteDB. There is a security vulnerability in YugabyteDB Anywhere, which stems from the web interface displaying LDAP binding passwords in plain text. This vulnerability may allow authenticated users to obtain credentials, leadi...

CVE-2010-0521

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests...

PT-2022-23972 · Yugabyte +1 · Yugabytedb +1

Name of the Vulnerable Software and Affected Versions: YugabyteDB version 2.6.1 Description: An issue was discovered when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. If anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an...

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

CVE-2010-0521

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests...

CVE-2010-0521

CVE-2010-0521 affects Apple Mac OS X Server prior to 10.6.3. The issue is that Server Admin does not properly enforce authentication for directory binding, allowing remote attackers to anonymously extract potentially sensitive information from Open Directory via unspecified LDAP requests. Public ...