Lucene search
K

4 matches found

Cvelist
Cvelist
added 14 hours ago7 views

CVE-2026-14474 Sssd: sssd: sudo ldap provider searches entire directory tree for sudorole objects by default, enabling privilege escalation

A flaw was found in SSSD's LDAP sudo provider. When the ldapsudosearchbase option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo...

8.8CVSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/11/03 8:11 a.m.6 views

389-ds-base: Information disclosure via repeated use of LDAP ADD operation

An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not...

7.5CVSS5.8AI score0.02412EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/09/10 4:55 p.m.3 views

mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing

It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...

5CVSS6.7AI score0.07109EPSS
Exploits0References4
PyPA
PyPA
added 2014/03/11 7:37 p.m.9 views

PYSEC-2014-53

Multiple unspecified vulnerabilities in 1 dataitems.py, 2 get.py, and 3 traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors...

6.5CVSS7AI score0.01255EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder