48 matches found
SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2024:2896-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2896-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were...
AZL-67770 CVE-2024-41013 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfsdir2dataunused and xfsdir2dataentry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...
CVE-2024-41013
In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfsdir2dataunused and xfsdir2dataentry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...
PT-2024-29202
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel, where a vulnerability has been resolved by adding sanity checks for xfs dir2 data unused and xfs dir2 data entry to prevent accessing memory...
CVE-2023-4757
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...
WordPress plugin Staff / Employee Business Directory for Active Directory Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability in the WordPress plugin Staff /...
PT-2023-23036 · Hewlett Packard · Hpe Insight Remote Support
Name of the Vulnerable Software and Affected Versions: HPE Insight Remote Support affected versions not specified Description: A security issue in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information. Recommendations: At the moment, there is no information...
SUSE CVE-2005-2549
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 full vCard data, 2 contact data from remote LDAP servers, or 3 task list data from remote servers...
PT-2023-16291 · Tenable · Tenable.Sc
Name of the Vulnerable Software and Affected Versions: Tenable.sc affected versions not specified Description: A LDAP injection issue exists due to improper validation of user-supplied input. An authenticated attacker could generate data in Active Directory using the application account through...
CVE-2022-34916
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...
The vulnerability of Siemens SIMATIC product software, related to the leakage of information about files and directories, allows a perpetrator to obtain login credentials.
The vulnerability of Siemens SIMATIC software products is related to the leakage of information about files and directories. Exploiting this vulnerability can allow attackers to obtain login credentials...
The vulnerability in the LDAP Account Manager web application exists due to the lack of measures taken to neutralize special elements, allowing attackers to use the user’s username field to manipulate LDAP data.
The vulnerability in the LDAP Account Manager web application exists due to the failure to take measures to neutralize certain special elements. Exploiting this vulnerability allows a malicious actor to use the user’s username field to manipulate LDAP data...
DEBIAN-CVE-2021-44832
Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...
CVE-2020-26180
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols...
samba: Missing handle permissions check in SMB1/2/3 ChangeNotify
A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...
Denial Of Service (DoS)
tor is vulnerable to denial of service DoS. The vulnerability exists due to application does not properly control consumption of internal resources when processing directory data. A remote attacker can force the Tor instance do consume huge amounts of CPU resources and perform a denial of service...
PT-2020-6720 · Samba +9 · Samba +9
Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A flaw was found in the way Samba handled file and directory permissions, allowing an authenticated user to gain access to certain file and directory information that would otherwise be...
CVE-2019-4297
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761...
CVE-2017-7568
NetApp OnCommand Unified Manager for 7-Mode core package versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface...
CVE-2017-6643
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensiti...