114 matches found
GHSA-394J-X37R-2Q27 Ibexa DXP users with the Company admin role can assign any role to any user
Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...
PT-2022-28178 · Unknown · Company Account Feature
Name of the Vulnerable Software and Affected Versions: Company account feature version 4 and later Description: A critical issue allows users with the Company admin role to assign any role to any user, bypassing subtree limitations. This also affects users with the role / assign policy, typically...
PT-2022-28268 · Unknown · Company Account Feature
Name of the Vulnerable Software and Affected Versions: Company account feature version 4 and later Description: A critical issue allows users with the Company admin role to assign any role to any user, bypassing subtree limitations. This also affects users with the role / assign policy, typically...
PT-2022-28244 · Unknown · Company Account Feature
Name of the Vulnerable Software and Affected Versions: Company account feature version 4 and later Description: A critical issue allows users with the Company admin role to assign any role to any user, bypassing subtree limitations. This also affects users with the role / assign policy, typically...
PT-2022-28186 · Unknown · Company Account Feature
Name of the Vulnerable Software and Affected Versions: Company account feature version 4 and later Description: A critical issue allows users with the Company admin role to assign any role to any user, bypassing subtree limitations. This also affects users with the role / assign policy, typically...
ALPINE-CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
DEBIAN-CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
UBUNTU-CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
Plone Privilege escalation due improper authorization
Multiple unspecified vulnerabilities in 1 dataitems.py, 2 get.py, and 3 traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors...
The vulnerability of the _get_children() function in the library for extracting subtree contents of Windows hives, related to the issue of operations going beyond the buffer boundaries in memory, allows a malicious actor to perform denial-of-service attacks.
The vulnerability of the getchildren function in the library for extracting subtree contents of Windows hives is related to the operation going beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to perform denial-of-service attacks...
The vulnerability of the Samba networking communication package, related to improper access control, allows a perpetrator to gain access to confidential data and compromise its integrity.
The vulnerability of the Samba networking communication package is related to an error in deleting permissions for creating or modifying subtrees. This error does not automatically disappear on all domain controllers. Exploiting this vulnerability can allow a remote attacker to gain access to...
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8 when there is an NFS export of a subdirectory of a filesystem allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
...
CVE-2019-14902
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...
ALPINE-CVE-2019-14902
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...
DEBIAN-CVE-2019-14902
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...
Code injection
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...
USN-4244-1 samba vulnerabilities
It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-14902 Robert Święcki discovered that Samba incorrectly handled...
CVE-2019-14902
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...
CVE-2019-14902
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...