39 matches found
Astra Linux - vulnerability in zabbix
The Zabbix API’s user.get method returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
LDAP Injection
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to LDAP Injection via unsanitized input in the authData.id parameter during the construction of LDAP Distinguished Names and...
EUVD-2026-10928
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction...
CVE-2026-31828
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...
PT-2026-24482
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.13; Parse Server versions prior to 8.6.26. Description: Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its LDAP authentication adapter. The issue stems fro...
CVE-2023-45140
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. The SCP and SFTP plugins don't honor group-based JIT MFA. Establishing an SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for an additional factor. This abnorm...
EUVD-2025-0111
Malicious code in bioql PyPI...
CVE-2025-49012 Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs...
DEBIAN-CVE-2024-42325
Zabbix API user.get returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
CVE-2024-42325
Zabbix API user.get returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
UBUNTU-CVE-2024-42325
Zabbix API user.get returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
Zabbix security vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix that stems from returning all user information, including media and other information, that...
org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +17 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-openflow-renderer (>=0.10.0 <=0.9.3)
org.opendaylight.sfc:odl-sfc-openflow-renderer (Maven) versions =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.5.0, =0.5.2 and more. Source CVEs: CVE-2025-29314. Source advisory:...
org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +23 more potentially affected by CVE-2025-29313 via org.opendaylight.sfc:sfc-ovs (>=0.10.0 <=0.9.3)
org.opendaylight.sfc:sfc-ovs (Maven) versions =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.4.4-Carbon and more. Source CVEs: CVE-2025-29313. Source advisory:...
org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +18 more potentially affected by CVE-2025-29313 via org.opendaylight.sfc:sfc-openflow-renderer (>=0.10.0 <=0.9.3)
org.opendaylight.sfc:sfc-openflow-renderer (Maven) versions =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.5.0, =0.5.2 and more. Source CVEs: CVE-2025-29313. Source advisory:...
org.opendaylight.faas:features4-faas (>=1.2.0-Carbon <=1.3.3), org.opendaylight.faas:odl-faas-all (>=1.2.0-Carbon <=1.3.3) +67 more potentially affected by CVE-2025-29315 via org.opendaylight.sfc:sfc-provider (>=0.0.1-Helium <=0.9.3)
org.opendaylight.sfc:sfc-provider (Maven) versions =0.0.1-Helium, =1.2.0-Carbon, =1.2.0-Carbon, =1.2.0-Carbon, =1.0.0-Beryllium, =0.6.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.6.0, =0.9.0, =0.9.0, =0.11.4 and more. Source CVEs: CVE-2025-29315. Source advisory:...
zot security vulnerability
zot is an OCI image registry open-sourced by The zot Project. A security vulnerability exists in versions prior to zot 2.1.2, which stems from a conflict in the configuration file, where any authorized zot configuration that relies on group-based authorization does not honor group...
PT-2024-9165 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.11; Nextcloud Server versions prior to 23.0.11; Nextcloud Server versions prior to 24.0.6; Nextcloud Enterprise Server versions prior to 22.2.11; Nextcloud Enterprise Server versions prior to 23.0.11...
GO-2024-2760 Rancher's failure to delete orphaned role bindings does not revoke project-level access from group-based authentication in github.com/rancher/rancher
Rancher's failure to delete orphaned role bindings does not revoke project-level access from group-based authentication in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If...
Rancher's failure to delete orphaned role bindings does not revoke project-level access from group-based authentication
Impact: This vulnerability only affects customers using group-based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated with a group from a project, the bindings that grant access to cluster-scoped resources for those subjects do n...