37 matches found
Apache Directory LDAP API security vulnerability
The Apache Directory LDAP API is a LDAP protocol development framework created by the Apache Foundation in the United States. There were security vulnerabilities in the Apache Directory LDAP API between versions 2.0.0 and 2.1.7. These vulnerabilities stemmed from incomplete TLS server...
EUVD-2021-1565
Malware in sbrugna...
EUVD-2018-0745
Malware in sbrugna...
EUVD-2022-3657
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-33900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI...
CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
PT-2024-4148 · Apache · Apache Directory Ldap Api
Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API affected versions not specified Description: The issue is related to a lack of control over user-input data in the LDAP URL parser component. This can be exploited by a remote attacker to cause a denial of service...
GHSA-CX3Q-CV6W-MX4H Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...
GHSA-P9QJ-4RJP-J3W9 Apache Directory Studio Command Injection
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...
Apache Directory Studio Command Injection
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...
Confidentiality Protection Bypass
Apache Directory Studio is vulnerable to confidentiality protection bypass. The vulnerability exists because it does not apply SASL confidentiality layer when SASL authentication mechanism is used...
Missing encryption in Apache Directory Studio
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
Authentication flaw
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-33900 StartTLS and SASL confidentiality protection bypass
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-33900
CVE-2021-33900 affects Apache Directory Studio up to version 2.0.0.v20210213-M16 and earlier. The issue is that StartTLS encryption was not applied for SASL authentication methods (DIGEST-MD5, GSSAPI) and that any configured SASL confidentiality layer was not applied. The stem cause is the encryp...
PT-2021-3958 · Apache · Apache Directory Studio
Name of the Vulnerable Software and Affected Versions: Apache Directory Studio versions prior to 2.0.0.v20210213-M16 Description: The issue is related to the absence of protection for service data. An attacker could exploit this to disclose protected information. The problem arises when configure...
Server side request forgery (ssrf)
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...