27 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: eclipse-ecf (UTSA-2026-016602)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016602 advisory. The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate...
CVE-2026-6475
Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...
xiaoheiFS Security Vulnerability
xiaoheiFS is a self-hosted cloud service financial and operational system developed by Danvei’s individual developers. Versions of xiaoheiFS prior to 0.3.15 contain security vulnerabilities. These vulnerabilities stem from the standard plugin system, which allows administrators to upload ZIP file...
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
Microsoft Windows SMB Server Trust Management Issue Vulnerability
Microsoft Windows SMB Server is a network file sharing protocol from Microsoft USA. It allows applications on a computer to read and write files and request services from server programs on a computer network. A vulnerability exists in Microsoft Windows SMB Server for trust management issues. An...
CVE-2024-42347
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
Nextcloud Security Breach
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from the possibility that an attacker could trick the application into accepting requests that a...
CVE-2023-35927
The CVE-2023-35927 issue affects Nextcloud Server and Enterprise Server where two trusted servers exchange share secrets and an attacker could modify or delete VCards in the origin server’s system address book, impacting user search and avatar menus. The initial description lists affected lines f...
Design/Logic Flaw
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt file...
SUSE CVE-2014-8143
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of...
CVE-2021-41611
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust improperly. This indication of trust may be pass...
DEBIAN-CVE-2016-1908
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues ...
ipa security update
CentOS Errata and Security Advisory CESA-2016:1797. An update for ipa is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...
X_CART Installation Script Cross Site Scripting Vulnerability
X_CART is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:qualiteam:x-cart";...
smack: incorrect X.509 certificate validation
It was found that the ServerTrustManager in the Smack XMPP API did not verify basicConstraints and nameConstraints in X.509 certificate chains. A man-in-the-middle attacker could use this flaw to spoof servers and obtain sensitive information...
Samba Elevation of Privilege Vulnerability
Samba is a set of programs that implement the SMB (Server Message Block) protocol, cross-platform file sharing and print sharing services. The Samba AD DC allows administrators to assign user and computer account creation to certain users or groups, but fails to check the UF_SERVER_TRUST_ACCOUNT bit...
UBUNTU-CVE-2014-8143
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of...
Security fix for the ALT Linux 10 package samba version 4.1.16-alt1
Jan. 15, 2015 Andrey Cherepanov 4.1.16-alt1 - New version - Security fixes: + CVE-2014-8143: Samba's AD DC allows the administrator to delegate creation of user or computer accounts to specific users or groups. However, all released versions of Samba's AD DC did not implement the additional...
smack: incorrect X.509 certificate validation
It was found that the ServerTrustManager in the Smack XMPP API did not verify basicConstraints and nameConstraints in X.509 certificate chains. A man-in-the-middle attacker could use this flaw to spoof servers and obtain sensitive information...
smack: incorrect X.509 certificate validation
It was found that the ServerTrustManager in the Smack XMPP API did not verify basicConstraints and nameConstraints in X.509 certificate chains. A man-in-the-middle attacker could use this flaw to spoof servers and obtain sensitive information...