9 matches found
EUVD-2026-11619
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...
CVE-2025-58045
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...
CVE-2025-58045
DataEase (DataEase Open Source) contains a JDBC URL injection vulnerability affecting DB2 and MongoDB data source configuration handlers. In versions up to 2.10.13, when extraParams is empty, the HOSTNAME, PORT, and DATABASE values are concatenated into the JDBC URL without filtering illegal para...
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...
PT-2025-37719
Name of the Vulnerable Software and Affected Versions: Dataease versions up to 2.10.12 Description: Dataease is an open source data analytics and visualization platform. A patch intended to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The lda...
SUSE-SU-2022:2763-1 Security update for sssd
This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand bsc1189492. - Add 'ldapignoreunreadablereferences' parameter to skip unreadable objects referenced by 'member' attributte bsc1190775 - Fix 32-bi...
SUSE-SU-2022:0826-1 Security update for sssd
This update for sssd fixes the following issues: Security issues fixed: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands bsc1189492. Non-security issues fixed: - Create timestamp attribute in cache objects if missing. bsc1182637 - Add...
Cross site scripting
: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling...