oneidentity

Top products

The 15 most recently published vulnerabilities affecting oneidentity.

• CVE-2024-47619tranport: TLS host name wildcard matching too lax7.5May 7, 2025
• CVE-2024-56404In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.9.9Jan 24, 2025
• CVE-2023-51772One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium...8.8Dec 25, 2023
• CVE-2023-48654One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium...9.8Dec 25, 2023
• CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation7.6Sep 27, 2023
• CVE-2022-38725An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or n...7.5Jan 23, 2023
• CVE-2020-7962An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP respons...5.3Nov 13, 2020
• CVE-2020-8019syslog-ng: Local privilege escalation from new to root in %post7.7Jun 29, 2020
• CVE-2019-13497One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests.6.5Nov 4, 2019
• CVE-2019-13496One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a s...8.1Nov 4, 2019
• CVE-2019-13498One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.7.4Jul 29, 2019
• CVE-2011-1951lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory co...4.3Jul 11, 2011
• CVE-2011-0343Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files...6.9Jan 28, 2011
• CVE-2008-5110syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw a...9.3Nov 17, 2008
• CVE-2002-1200Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during...7.5Sep 1, 2004