Lucene search

9 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 9 : jss-5.3.0-1.el9, ldapjdk-5.3.0-1.el9, pki-core-11.3.0-1.el9, tomcatjss-8.3.0-1.el9 (AXSA:2023-5762:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5762:01 advisory. pki-core: When using the caServerKeygenDirUserCert profile, user can get certificates for other UIDs by entering name in Subject field CVE-2022-2393 Tenable...

CVSS 5.7, AI score 5.6, EPSS 0.0008
Exploits: 0, References: 2
Vulnrichment
added 2025/04/08 8:2 p.m., 6 views

CVE-2025-30290 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security...

CVSS 8.7, AI score 7.2, EPSS 0.00131
Exploits: 0, References: 1
ATTACKERKB
added 2022/10/04 6:52 p.m., 4 views

CVE-2022-21936

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

CVSS 8.1, AI score 6.7, EPSS 0.00214
Exploits: 0, References: 3
CNNVD
added 2022/07/12 12:0 a.m., 1 views

pki-core security vulnerability

pki-core is a library that provides an API for PKI operations. A security vulnerability exists in pki-core that stems from the use of the caServerKeygenDirUserCert profile, which allows a user to obtain the certificates of other UIDs by entering a name in the subject field...

CVSS 5.7, AI score 6.3, EPSS 0.0008
Exploits: 0, References: 12
CNNVD
added 2022/03/02 12:0 a.m., 2 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

CVSS 7.5, AI score 7.3, EPSS 0.01851
Exploits: 0, References: 4
OSV
added 2019/12/20 5:15 p.m., 1 views

CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

CVSS 9.8, AI score 7.3, EPSS 0.00484
Exploits: 1, References: 2
OSV
added 2018/12/23 2:29 a.m., 1 views

CVE-2018-20369

Barracuda Message Archiver 2018 has XSS in the errormsg exception-handling value for the ldapuser parameter to the cgi-mod/ldaploadentry.cgi module. The injection point of the issue is the AddUpdate module...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 1
RedHat Linux
added 2018/12/17 6:41 p.m., 2 views

grafana: authentication bypass knowing only a username of an LDAP or OAuth user

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...

CVSS 9.8, AI score 7.4, EPSS 0.79555
Exploits: 0, References: 4
OSV
added 2018/06/12 5:29 p.m., 1 views

CVE-2018-10509

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability...

CVSS 8.8, AI score 5.7
Exploits: 0, References: 1