Lucene search
K

114 matches found

OSV
OSV
added 2022/11/10 11:54 p.m.15 views

GHSA-394J-X37R-2Q27 Ibexa DXP users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/10 12:0 a.m.4 views

PT-2022-28178 · Unknown · Company Account Feature

Name of the Vulnerable Software and Affected Versions: Company account feature version 4 and later Description: A critical issue allows users with the Company admin role to assign any role to any user, bypassing subtree limitations. This also affects users with the role / assign policy, typically...

6.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/10 12:0 a.m.4 views

PT-2022-28268 · Unknown · Company Account Feature

Name of the Vulnerable Software and Affected Versions: Company account feature version 4 and later Description: A critical issue allows users with the Company admin role to assign any role to any user, bypassing subtree limitations. This also affects users with the role / assign policy, typically...

6.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/10 12:0 a.m.5 views

PT-2022-28244 · Unknown · Company Account Feature

Name of the Vulnerable Software and Affected Versions: Company account feature version 4 and later Description: A critical issue allows users with the Company admin role to assign any role to any user, bypassing subtree limitations. This also affects users with the role / assign policy, typically...

6.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/10 12:0 a.m.4 views

PT-2022-28186 · Unknown · Company Account Feature

Name of the Vulnerable Software and Affected Versions: Company account feature version 4 and later Description: A critical issue allows users with the Company admin role to assign any role to any user, bypassing subtree limitations. This also affects users with the role / assign policy, typically...

6.9AI score
Exploits0References5
OSV
OSV
added 2022/11/01 1:15 p.m.2 views

ALPINE-CVE-2022-42321

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...

6.5CVSS6.9AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2022/11/01 1:15 p.m.1 views

DEBIAN-CVE-2022-42321

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...

6.5CVSS6.3AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/11/01 1:15 p.m.4 views

CVE-2022-42321

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References12
OSV
OSV
added 2022/11/01 1:15 p.m.3 views

UBUNTU-CVE-2022-42321

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...

6.5CVSS6.6AI score0.00269EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/17 4:49 a.m.20 views

Plone Privilege escalation due improper authorization

Multiple unspecified vulnerabilities in 1 dataitems.py, 2 get.py, and 3 traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors...

6.5CVSS6.7AI score0.01255EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/08 12:0 a.m.5 views

The vulnerability of the _get_children() function in the library for extracting subtree contents of Windows hives, related to the issue of operations going beyond the buffer boundaries in memory, allows a malicious actor to perform denial-of-service attacks.

The vulnerability of the getchildren function in the library for extracting subtree contents of Windows hives is related to the operation going beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to perform denial-of-service attacks...

3.3CVSS6.7AI score0.04794EPSS
Exploits1References8Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.7 views

The vulnerability of the Samba networking communication package, related to improper access control, allows a perpetrator to gain access to confidential data and compromise its integrity.

The vulnerability of the Samba networking communication package is related to an error in deleting permissions for creating or modifying subtrees. This error does not automatically disappear on all domain controllers. Exploiting this vulnerability can allow a remote attacker to gain access to...

5.5CVSS6.6AI score0.01521EPSS
Exploits0References12Affected Software6
Microsoft CVE
Microsoft CVE
added 2021/01/29 8:0 a.m.5 views

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8 when there is an NFS export of a subdirectory of a filesystem allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior

...

6.5CVSS7AI score0.02417EPSS
Exploits0
OSV
OSV
added 2020/01/21 6:15 p.m.29 views

CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

5.4CVSS6.5AI score0.01521EPSS
Exploits0References11
OSV
OSV
added 2020/01/21 6:15 p.m.3 views

ALPINE-CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

5.4CVSS6.9AI score0.01521EPSS
Exploits0References1
OSV
OSV
added 2020/01/21 6:15 p.m.1 views

DEBIAN-CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

5.4CVSS6.7AI score0.01521EPSS
Exploits0References1
Prion
Prion
added 2020/01/21 6:15 p.m.27 views

Code injection

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

5.5CVSS5.5AI score0.01521EPSS
Exploits0References11Affected Software4
OSV
OSV
added 2020/01/21 12:59 p.m.5 views

USN-4244-1 samba vulnerabilities

It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-14902 Robert Święcki discovered that Samba incorrectly handled...

6.5CVSS6.8AI score0.03151EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/01/21 12:0 a.m.35 views

CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

5.4CVSS6AI score0.01521EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2020/01/21 12:0 a.m.40 views

CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

5.5CVSS6.1AI score0.01521EPSS
Exploits0
Rows per page
Query Builder