
50 matches found

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2005-1382

Malware in sbrugna...

CVSS 4.6 | AI score 9.2 | EPSS 0.00061
Exploits 0 | References 3
OSV
added 2025/06/24 4:15 p.m. | 3 views

CVE-2025-23264

NVIDIA Megatron-LM for all platforms contains a vulnerability in a Python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data...

CVSS 7.8 | AI score 7.1
Exploits 0 | References 1
Patchstack
added 2024/12/02 11:22 a.m. | 2 views

WordPress WP Mailster plugin <= 1.8.16.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Lam Que Chi (Patchstack Alliance) in WordPress Plugin WP Mailster versions <= 1.8.16.0...

CVSS 9.8 | AI score 8.1 | EPSS 0.00376
Exploits 0 | Affected Software 1
NVD
added 2024/11/05 6:15 p.m. | 12 views

CVE-2024-50112

In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases. Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper [1]. Unless Linear Address Space Separation (LASS) is enabled this weakness may be...

CVSS 7.8 | EPSS 0.00019
Exploits 0 | References 3
CVE
added 2024/11/05 5:10 p.m. | 109 views

CVE-2024-50112

In CVE-2024-50112, the Linux kernel fixes a weakness in Linear Address Masking (LAM) on x86 by disabling LAM in most cases. The vulnerability stems from transient execution risk related to LAM unless Linear Address Space Separation (LASS) is active. Until LASS support lands, LAM should only be al...

CVSS 7.8 | AI score 7.3 | EPSS 0.00019
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2024/11/05 5:10 p.m. | 16 views

CVE-2024-50112 x86/lam: Disable ADDRESS_MASKING in most cases

In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases. Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper [1]. Unless Linear Address Space Separation (LASS) is enabled this weakness may be...

EPSS 0.00019
Exploits 0 | References 3
OSV
added 2024/11/05 5:10 p.m. | 14 views

CVE-2024-50112 x86/lam: Disable ADDRESS_MASKING in most cases

In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases. Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper [1]. Unless Linear Address Space Separation (LASS) is enabled this weakness may be...

CVSS 7.8 | AI score 7.1 | EPSS 0.00019
Exploits 0 | References 6
CNNVD
added 2024/11/05 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the x86/lam module failing to handle address masks correctly in most cases...

CVSS 7.8 | AI score 7.6 | EPSS 0.00019
Exploits 0 | References 4
Debian CVE
added 2024/04/02 7:1 a.m. | 29 views

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups. During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels getusernocheck4+0x6/0x20 mce: Hardwa...

CVSS 7.1 | AI score 6.9 | EPSS 0.00018
Exploits 0
CVE
added 2024/04/02 7:1 a.m. | 157 views

CVE-2024-26674

CVE-2024-26674 affects the Linux kernel x86/mm code, specifically a fixup path for get_user()/put_user(). In kernel builds >= 6.4 memory-error-injection can trigger a machine-check and panic due to a revert from _ASM_EXTABLE_UA() to a more generic fixup type. The issue arose when MCA handling ...

CVSS 7.1 | AI score 6.7 | EPSS 0.00018
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2024/03/18 9:7 p.m. | 20 views

CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution

LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9 | AI score 7.9 | EPSS 0.05756
Exploits 0 | References 2
CVE
added 2024/03/18 9:7 p.m. | 70 views

CVE-2024-23333

LAM (LDAP Account Manager) contains a vulnerability where log configuration allows arbitrary log-file paths. In versions before 8.7, an attacker could cause PHP code to be written to a log file and later executed when accessed via web. Mitigation requires knowledge of LAM’s master configuration p...

CVSS 7.9 | AI score 6.8 | EPSS 0.05756
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2022/07/06 7:52 p.m. | 27 views

Remote Code Execution (RCE)

ldap-account-manager:sid is vulnerable to remote code execution. LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow uploading PHP scripts to config/templates/pdf...

CVSS 8.8 | AI score 9.2 | EPSS 0.01329
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2022/07/06 7:52 p.m. | 36 views

Remote Code Execution

ldap-account-manager is vulnerable to remote code execution. An attacker is able to inject the first constructor argument leading to code execution if non-LAM classes are instantiated during object creation...

CVSS 8.1 | AI score 8.6 | EPSS 0.01567
Exploits 1 | References 5 | Affected Software 1
CNVD
added 2022/06/30 12:0 a.m. | 37 views

LDAP Account Manager Parameter Injection Vulnerability

LDAP Account Manager is a web front-end for managing entries (e.g., users, groups, DHCP settings) stored in the LDAP directory. LDAP Account Manager (LAM) versions prior to 8.0 are vulnerable to parameter injection, which stems from the fact that LAM instantiates objects from arbitrary classes and ca...

CVSS 9 | AI score 6.1 | EPSS 0.01567
Exploits 1 | References 1
CNVD
added 2022/06/30 12:0 a.m. | 57 views

LDAP Account Manager File Upload Vulnerability

LDAP Account Manager is a web front-end for managing entries stored in LDAP directories (e.g., users, groups, DHCP settings). A file upload vulnerability exists in LDAP Account Manager (LAM) versions prior to 8.0, which stems from a faulty regular expression that allows PHP scripts to be uploaded to th...

CVSS 8.8 | AI score 3.6 | EPSS 0.01329
Exploits 0 | References 1
Prion
added 2022/06/27 9:15 p.m. | 17 views

Design/Logic Flaw

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

CVSS 4.3 | AI score 6.4 | EPSS 0.00093
Exploits 0 | References 3 | Affected Software 2
Debian CVE
added 2022/06/27 8:55 p.m. | 35 views

CVE-2022-31085

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

CVSS 6.1 | AI score 6.2 | EPSS 0.00093
Exploits 0
CVE
added 2022/06/27 8:55 p.m. | 85 views

CVE-2022-31085

CVE-2022-31085 affects LDAP Account Manager (LAM). In versions prior to 8.0, session files can contain LDAP usernames and passwords in clear text when the PHP OpenSSL extension is not installed or session encryption is disabled. The issue is fixed in LAM 8.0; if upgrading is not possible, enable ...

CVSS 6.1 | AI score 6 | EPSS 0.00093
Exploits 0 | References 3 | Affected Software 1
Debian CVE
added 2022/06/27 8:55 p.m. | 37 views

CVE-2022-31084

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to cod...

CVSS 9 | AI score 8.9 | EPSS 0.01567
Exploits 1