oneidentity vulnerabilities and exploits
NA
CVE-2002-1200
Balabit Syslog-NG 1.4.x prior to 1.4.15, and 1.5.x prior to 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote malicious users to cause a denial of serv...
Oneidentity Syslog-ng 1.4.0
Oneidentity Syslog-ng 1.4.7
Oneidentity Syslog-ng 1.4.8
Oneidentity Syslog-ng 1.4.9
Oneidentity Syslog-ng 1.4.10
Oneidentity Syslog-ng 1.4.15
Oneidentity Syslog-ng 1.5.15
Oneidentity Syslog-ng 1.5.20
NA
CVE-2011-0343
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to t...
Oneidentity Syslog-ng 2.0
Oneidentity Syslog-ng 3.0
Oneidentity Syslog-ng 3.1
Oneidentity Syslog-ng 3.2
7.5
CVSSv3
CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 up to and including 3.37 allows remote malicious users to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng S...
Oneidentity Syslog-ng Store Box
Oneidentity Syslog-ng
8.1
CVSSv3
CVE-2019-13496
One Identity Cloud Access Manager prior to 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.
Oneidentity Cloud Access Manager 8.1.4
Oneidentity Cloud Access Manager
1 Github repository
6.5
CVSSv3
CVE-2019-13497
One Identity Cloud Access Manager prior to 8.1.4 Hotfix 1 allows CSRF for logout requests.
Oneidentity Cloud Access Manager 8.1.4
Oneidentity Cloud Access Manager
1 Github repository
7.8
CVSSv3
CVE-2020-8019
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Ente...
Oneidentity Syslog-ng
NA
CVE-2008-5110
syslog-ng does not call chdir when it calls chroot, which might allow malicious users to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.
Oneidentity Syslog-ng
8.8
CVSSv3
CVE-2023-51772
One Identity Password Manager prior to 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape seque...
Oneidentity Password Manager
6.8
CVSSv3
CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.
Oneidentity Password Manager
NA
CVE-2011-1951
lib/logmatcher.c in Balabit syslog-ng prior to 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote malicious users to cause a denial of service (memory consumption) via a message that does not match a regular expression.
Oneidentity Syslog-ng