58 matches found
EUVD-2015-6866
Malware in sbrugna...
EUVD-2005-2550
Malware in sbrugna...
EUVD-2020-3131
Malware in sbrugna...
EUVD-2022-4787
Malicious code in bioql PyPI...
EUVD-2022-0790
Malicious code in bioql PyPI...
EUVD-2023-55157
Malicious code in bioql PyPI...
CVE-2020-15813
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code in all versions that suppo...
Linux Distros Unpatched Vulnerability : CVE-2021-42550
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowin...
CVE-2023-50356
SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision Server. This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login...
CVE-2023-50356 Improper Certificate Validation in AREAL Topkapi Vision (Server)
SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision Server. This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login...
Low: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : maven and recommended update for antlr3, minlog, sbt, xmvn (SUSE-SU-2023:2097-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2097-1 advisory. - In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit...
Security Bulletin: Vulnerability in OpenSSL affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in OpenSSL may cause a denial of service when IBM Spectrum Virtualize is acting as a TLS client when connecting to LDAP servers or key servers. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...
K97521840: logback vulnerability CVE-2021-42550
Security Advisory Description In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. CVE-2021-42550 Impact There is no impact; F5 products...
SUSE CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...
Security Bulletin: Vulnerability in OpenSSL affects IBM FlashSystem models FS900 and V9000
Summary A vulnerability in OpenSSL may cause a denial of service when IBM FlashSystem models FS900 and V9000 are acting as a TLS client when connecting to LDAP servers or key servers. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a...
Metasploit Weekly Wrap-Up
The past, present and future of Metasploit Don't miss Spencer McIntyre's talk on the Help Net Security's blog. Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's...
Improper Authentication in Pivotal Spring-LDAP
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...
Deserialization of Untrusted Data in logback
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...
CVE-2021-42550
A flaw was found in the logback package. When using a specially-crafted configuration, this issue could allow a remote authenticated attacker to execute arbitrary code loaded from LDAP servers...