3 matches found
SUSE CVE-2017-12173
It was found that sssd's sysdbsearchuserbyupnres function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...
Directory Traversal in SafeNet Sentinel Protection Server and Keys Server
SUMMARY ======= SafeNet Inc.'s Sentinel Protection Server and Sentinel Keys Server products include web servers which are vulnerable to directory traversal attacks. A remote attacker could exploit these vulnerabilities to read arbitrary files with the permissions of the web server, typically...