39 matches found
Apache Directory LDAP API 安全漏洞
The Apache Directory LDAP API is a LDAP protocol development framework created by the Apache Foundation in the United States. There were security vulnerabilities in the Apache Directory LDAP API between versions 2.0.0 and 2.1.7. These vulnerabilities stemmed from incomplete TLS server...
EUVD-2018-0745
Malware in sbrugna...
EUVD-2021-1565
Malware in sbrugna...
EUVD-2022-3657
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-33900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI...
CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
The vulnerability of the LDAP URL parser component in the Apache Directory LDAP API software allows a malicious actor to cause service failure.
The vulnerability of the LDAP URL parser component in Apache Directory LDAP API is related to the lack of control over the data entered by users. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Vulnerability of the treatLengthEndState() function in the asn1/ber module asn1/ber/src/main/java/org/apache/directory/api/asn1/ber/Asn1Decoder.java. The Apache Directory LDAP API allows a hacker to trigger a service denial.
The vulnerability of the treatLengthEndState function in the asn1/ber/src/main/java/org/apache/directory/api/asn1/ber/Asn1Decoder.java module. The Apache Directory LDAP API is vulnerable due to a lack of control over user-input data. Exploiting this vulnerability could allow an attacker to cause...
PT-2024-4148 · Apache · Apache Directory Ldap Api
Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API affected versions not specified Description: The issue is related to a lack of control over user-input data in the LDAP URL parser component. This can be exploited by a remote attacker to cause a denial of service...
GHSA-CX3Q-CV6W-MX4H Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...
GHSA-P9QJ-4RJP-J3W9 Apache Directory Studio Command Injection
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...
Apache Directory Studio Command Injection
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...
Confidentiality Protection Bypass
Apache Directory Studio is vulnerable to confidentiality protection bypass. The vulnerability exists because it does not apply SASL confidentiality layer when SASL authentication mechanism is used...
Missing encryption in Apache Directory Studio
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
Authentication flaw
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-33900 StartTLS and SASL confidentiality protection bypass
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-33900
CVE-2021-33900 affects Apache Directory Studio up to version 2.0.0.v20210213-M16 and earlier. The issue is that StartTLS encryption was not applied for SASL authentication methods (DIGEST-MD5, GSSAPI) and that any configured SASL confidentiality layer was not applied. The stem cause is the encryp...