Lucene search
K

157 matches found

Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.4 views

PT-2025-32380 · Openbao · Openbao

Name of the Vulnerable Software and Affected Versions: OpenBao versions 0.1.0 through 2.3.1 Description: Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP authentication systems. This was caused by different aliasing between pre-flight and full login...

5.3CVSS6.9AI score0.00394EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.8 views

The vulnerability of the user blocking mechanism of the Vault Enterprise and Vault Community Edition corporate information archiving platforms allows attackers to circumvent existing security restrictions.

The vulnerability of the user blocking mechanism in the Vault Enterprise and Vault Community Edition corporate information archiving platforms is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to circumvent existing security...

5.3CVSS5.5AI score0.00394EPSS
Exploits0References3Affected Software3
Snyk
Snyk
added 2025/08/06 12:31 p.m.2 views

Improper Neutralization

Overview github.com/hashicorp/vault/builtin/credential/ldap is a package ldap for Hashicorp. Affected versions of this package are vulnerable to Improper Neutralization in the ldap authentication method when usernameasalias is enabled and a user has multiple CNs that are equal except for leading ...

8.5CVSS7.1AI score0.00502EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 6:31 p.m.1 views

Improper Handling of Case Sensitivity

Overview github.com/hashicorp/vault/builtin/credential/ldap is a package ldap for Hashicorp. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the pathLoginAliasLookahead implementation. An attacker can gain unauthorized access and bypass authentication...

6.9CVSS7.2AI score0.00394EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/07/18 12:0 a.m.8 views

Vulnerability of the Server component: Security: LDAP Auth of the MySQL Server database management system, which allows attackers to cause service interruptions.

The vulnerability of the Server component’s Security: LDAP Auth module of the MySQL Server database management system is related to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause service interruptions...

4.9CVSS7.2AI score0.0041EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 6:1 a.m.5 views

CVE-2023-28623

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...

6.5CVSS7AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.6 views

CVE-2021-21484

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind...

9.8CVSS7.1AI score0.01208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:11 a.m.16 views

CVE-2013-0966

The Apple modhfsapple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI...

6.4CVSS6.7AI score0.01699EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:4 a.m.7 views

CVE-2013-7292

VASCO IDENTIKEY Authentication Server IAS 3.4.x allows remote authenticated users to bypass Active Directory AD authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password...

3.5CVSS7.1AI score0.01223EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/04/16 8:37 a.m.3 views

Security update for pgadmin4

This update for pgadmin4 fixes the following issues: CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set bsc1239308 CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users...

8.7CVSS7.2AI score0.01471EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.6 views

PT-2025-5362 · Jetbrains · Jetbrains Hub

Name of the Vulnerable Software and Affected Versions: JetBrains Hub versions prior to 2024.3.55417 Description: The issue allows for privilege escalation through LDAP authentication mapping. Recommendations: For versions prior to 2024.3.55417, update to version 2024.3.55417 or later to resolve t...

9CVSS7.8AI score0.00276EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.6 views

JetBrains Hub 安全漏洞

JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. JetBrains Hub suffers from an elevation of privilege vulnerability that originates from an elevation of privilege via LDAP authentication mappin...

8.8CVSS7.1AI score0.00276EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/09 7:46 a.m.3 views

Race Condition

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Race Condition during the LDAP authentication process. An attacker can hijack another user's session by initiating multiple simultaneous login attempts. Remediation Upgrade pgadmin4 to version 7.0 or highe...

8CVSS7.1AI score0.0044EPSS
Exploits0References2
OSV
OSV
added 2025/01/09 7:26 a.m.4 views

CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS7AI score0.0044EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.4 views

pgAdmin 安全漏洞

pgAdmin is pgAdmin open source an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin that stems from the fact that a user logged into pgAdmin running in server mode using LDAP authentication may attach to another...

8CVSS6.5AI score0.0044EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/12/27 12:43 a.m.3 views

SUSE CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

7.1CVSS7.1AI score0.0044EPSS
Exploits0References5
OSV
OSV
added 2024/11/21 11:15 a.m.2 views

CVE-2024-11320

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through =777.4...

9.8CVSS7.5AI score0.9123EPSS
Exploits2References1
OSV
OSV
added 2024/11/20 9:15 a.m.5 views

CVE-2024-10127

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...

9.8CVSS5.8AI score0.00597EPSS
Exploits0References2
OSV
OSV
added 2024/09/16 6:15 a.m.6 views

CVE-2024-8777

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...

7.5CVSS6AI score0.00543EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/15 12:0 a.m.8 views

PT-2024-39243 · Syscom · Omflow

Name of the Vulnerable Software and Affected Versions: OMFLOW from The SYSCOM Group affected versions not specified Description: The issue allows unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...

7.5CVSS7.3AI score0.00543EPSS
Exploits0References12
Rows per page
Query Builder