Skip to main content
CVE-2018-11574 CRITICAL PATCH Act Now

Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Point To Point Protocol Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-12421 CRITICAL PATCH Act Now

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Ldap Tool Box Self Service Password
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy