Lucene search
+L

571 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-14827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and...

6.5CVSS6.4AI score0.01562EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/06 1:19 p.m.5 views

CVE-2025-6013

A flaw was found in github.com/hashicorp/vault. The LDAP authentication method fails to properly enforce multi-factor authentication when usernameasalias is enabled and a user possesses multiple Common Names CNs containing differing leading or trailing spaces. A remote attacker authenticated as a...

6.5CVSS6.4AI score0.00502EPSS
Exploits0References4
OSV
OSV
added 2025/08/06 12:31 p.m.6 views

GHSA-7RX2-769V-HRWF HashiCorp Vault ldap auth method may not have correctly enforced MFA

Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if usernameasalias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

6.5CVSS6.2AI score0.00502EPSS
Exploits0References3
CVE
CVE
added 2025/08/06 10:6 a.m.31 views

CVE-2025-6013

CVE-2025-6013 concerns Vault and Vault Enterprise’s LDAP authentication. The issue is a bypass of MFA enforcement when the LDAP method is configured with username_as_alias=true and a user has multiple equal CNs that include leading or trailing spaces, allowing a user to bypass alias-specific MFA ...

8.1CVSS6.4AI score0.00502EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/06 10:6 a.m.3 views

CVE-2025-6013 Vault LDAP MFA Enforcement Bypass When Using Username As Alias

Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if usernameasalias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

6.5CVSS6.6AI score0.00502EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.5 views

PT-2025-32152

Name of the Vulnerable Software and Affected Versions Vault versions prior to 1.20.2 Vault Enterprise versions prior to 1.20.2 Vault Enterprise version 1.19.8 Vault Enterprise version 1.18.13 Vault Enterprise version 1.16.24 Description The LDAP authentication method in Vault and Vault Enterprise...

8.5CVSS6.7AI score0.00502EPSS
Exploits0References60
OSV
OSV
added 2025/08/05 8:52 a.m.8 views

BIT-VAULT-2025-6004 Vault Userpass and LDAP User Lockout Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.3CVSS6.5AI score0.00394EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/04 12:37 p.m.5 views

CVE-2025-6004

A flaw was found in github.com/hashicorp/vault. The user lockout feature for Userpass and LDAP authentication methods can be bypassed, allowing an attacker to circumvent account lockout restrictions. This circumvention occurs without requiring prior authentication or knowledge of user credentials...

5.3CVSS7.2AI score0.00394EPSS
Exploits0References5
OSV
OSV
added 2025/08/01 6:31 p.m.3 views

GHSA-QGJ7-FMQ2-6CC4 Hashicorp Vault has Lockout Feature Authentication Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.3CVSS6.4AI score0.00394EPSS
Exploits0References3
NVD
NVD
added 2025/08/01 6:15 p.m.7 views

CVE-2025-6004

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.3CVSS0.00394EPSS
Exploits0References1
CVE
CVE
added 2025/08/01 5:56 p.m.51 views

CVE-2025-6004

CVE-2025-6004 describes a bypass of Vault’s user lockout feature for Userpass and LDAP authentication. Root cause details are not fully enumerated in the provided docs, but fixes are stated: Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23 address the issue...

5.3CVSS7.4AI score0.00394EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/01 5:56 p.m.12 views

CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.3CVSS0.00394EPSS
Exploits0References1
NVD
NVD
added 2025/07/15 8:15 p.m.7 views

CVE-2025-50103

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4CVSS0.0041EPSS
Exploits0References1
OSV
OSV
added 2025/07/15 8:15 p.m.3 views

UBUNTU-CVE-2025-50103

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4CVSS5.8AI score0.0041EPSS
Exploits0References3
Redos
Redos
added 2025/07/03 12:0 a.m.6 views

ROS-20250703-01

Vulnerability in Server Mode LDAP authentication configuration of database management tool pgAdmin 4 is related to incorrect session commit as a result of improper access delimitation. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the security restrictions...

8CVSS7.8AI score0.00447EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 11:38 a.m.10 views

CVE-2025-24456

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...

8.8CVSS7.5AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:1 a.m.10 views

CVE-2024-29865

Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form...

5.4CVSS7.2AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:52 a.m.6 views

CVE-2024-25976

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

6.1CVSS6.6AI score0.00604EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:9 a.m.16 views

CVE-2024-39848

Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Service...

9.1CVSS7.4AI score0.00438EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.8 views

CVE-2024-10127

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...

9.8CVSS7.4AI score0.00597EPSS
Exploits0References1
Rows per page
Query Builder