Lucene search
K

48 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/14 12:0 a.m.186 views

SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2024:2896-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2896-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were...

9.8CVSS7.2AI score0.02701EPSS
Exploits4References1253
OSV
OSV
added 2024/07/29 7:15 a.m.5 views

AZL-67770 CVE-2024-41013 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfsdir2dataunused and xfsdir2dataentry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...

7.1CVSS6.3AI score0.00224EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/07/29 12:0 a.m.29 views

CVE-2024-41013

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfsdir2dataunused and xfsdir2dataentry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...

7.1CVSS6.4AI score0.00224EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.16 views

PT-2024-29202

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel, where a vulnerability has been resolved by adding sanity checks for xfs dir2 data unused and xfs dir2 data entry to prevent accessing memory...

7.1CVSS5.5AI score0.00224EPSS
Exploits0
OSV
OSV
added 2024/01/16 4:15 p.m.4 views

CVE-2023-4757

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...

5.4CVSS5.6AI score0.00395EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.6 views

WordPress plugin Staff / Employee Business Directory for Active Directory Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability in the WordPress plugin Staff /...

5.4CVSS6.4AI score0.00395EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/06/16 12:0 a.m.8 views

PT-2023-23036 · Hewlett Packard · Hpe Insight Remote Support

Name of the Vulnerable Software and Affected Versions: HPE Insight Remote Support affected versions not specified Description: A security issue in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information. Recommendations: At the moment, there is no information...

5.5CVSS6.8AI score0.00158EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.4 views

SUSE CVE-2005-2549

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 full vCard data, 2 contact data from remote LDAP servers, or 3 task list data from remote servers...

7.5CVSS8AI score0.04426EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/25 12:0 a.m.7 views

PT-2023-16291 · Tenable · Tenable.Sc

Name of the Vulnerable Software and Affected Versions: Tenable.sc affected versions not specified Description: A LDAP injection issue exists due to improper validation of user-supplied input. An authenticated attacker could generate data in Active Directory using the application account through...

6.5CVSS6.3AI score0.00693EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/21 9:15 a.m.2 views

CVE-2022-34916

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

9.8CVSS6.5AI score0.0231EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/08/12 12:0 a.m.9 views

The vulnerability of Siemens SIMATIC product software, related to the leakage of information about files and directories, allows a perpetrator to obtain login credentials.

The vulnerability of Siemens SIMATIC software products is related to the leakage of information about files and directories. Exploiting this vulnerability can allow attackers to obtain login credentials...

5.5CVSS7.2AI score0.0016EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/30 12:0 a.m.9 views

The vulnerability in the LDAP Account Manager web application exists due to the lack of measures taken to neutralize special elements, allowing attackers to use the user’s username field to manipulate LDAP data.

The vulnerability in the LDAP Account Manager web application exists due to the failure to take measures to neutralize certain special elements. Exploiting this vulnerability allows a malicious actor to use the user’s username field to manipulate LDAP data...

6.5CVSS6.5AI score0.01201EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/28 8:15 p.m.4 views

DEBIAN-CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

6.6CVSS8.8AI score0.97906EPSS
Exploits9References1
OSV
OSV
added 2021/07/28 12:15 a.m.4 views

CVE-2020-26180

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols...

8.8CVSS5.8AI score0.00593EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/05/18 3:49 p.m.2 views

samba: Missing handle permissions check in SMB1/2/3 ChangeNotify

A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...

4.3CVSS6.8AI score0.01521EPSS
Exploits0References5
Veracode
Veracode
added 2021/03/17 9:4 p.m.20 views

Denial Of Service (DoS)

tor is vulnerable to denial of service DoS. The vulnerability exists due to application does not properly control consumption of internal resources when processing directory data. A remote attacker can force the Tor instance do consume huge amounts of CPU resources and perform a denial of service...

5.3CVSS2.4AI score0.02096EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2020/10/29 12:0 a.m.13 views

PT-2020-6720 · Samba +9 · Samba +9

Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A flaw was found in the way Samba handled file and directory permissions, allowing an authenticated user to gain access to certain file and directory information that would otherwise be...

10CVSS6.5AI score0.99512EPSS
Exploits156References247
OSV
OSV
added 2019/07/01 3:15 p.m.3 views

CVE-2019-4297

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761...

5.4CVSS6.5AI score0.01058EPSS
Exploits0References2
OSV
OSV
added 2018/06/22 3:29 p.m.4 views

CVE-2017-7568

NetApp OnCommand Unified Manager for 7-Mode core package versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface...

5.3CVSS5.7AI score0.01374EPSS
Exploits0References2
OSV
OSV
added 2017/05/22 1:29 a.m.4 views

CVE-2017-6643

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensiti...

5.3CVSS5.9AI score0.02663EPSS
Exploits0References2
Rows per page
Query Builder