Security
Headlines
HeadlinesLatestCVEs

Tag

#ldap

CVE-2021-20277: [SECURITY] [DLA 2611-1] ldb security update

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

CVE
Open in Source
#vulnerability#ios#linux#debian#js#ldap#samba
CVE-2021-32604: Serv-U File Server 15.2.3 Release Notes

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."

CVE-2021-32062: MapServer 7.6 Changelog — MapServer 7.6.4 documentation

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).

CVE-2020-26197: DSA-2021-048: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.

CVE-2021-1737: About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-22203: Kroki Arbitrary File Read/Write (#320919) · Issues · GitLab.org / GitLab · GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.

CVE-2020-35518: Invalid Bug ID

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

CVE-2020-29134: GitHub - Ls4ss/CVE-2020-29134: Exploit CVE-2020-29134 - TOTVS Fluig Platform - Path Traversal

The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4

CVE-2021-22877: Wrong (malformed) external storage credentials saved in `oc_storages_credentials` · Issue #24600 · nextcloud/server

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.

CVE-2021-26563: TALOS-2020-1158 || Cisco Talos Intelligence Group

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.