Lucene search
+L

571 matches found

redhatcve
redhatcve
added 2025/02/05 1:37 p.m.7 views

CVE-2020-26214

In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for...

9.8CVSS7.2AI score0.65933EPSS
Exploits0
redhatcve
redhatcve
added 2025/02/05 1:35 p.m.7 views

CVE-2020-26288

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...

7.7CVSS6.6AI score0.00796EPSS
Exploits0
ibm
ibm
added 2025/02/05 4:43 a.m.12 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Apache Derby: LDAP Injection Vulnerability In Authenticator

Summary A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware...

9.8CVSS7.9AI score0.01418EPSS
Exploits0Affected Software1
openvas
openvas
added 2025/02/05 12:0 a.m.7 views

Xerox Printers Multiple Vulnerabilities (XRX25-003)

Multiple Xerox printers are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.6CVSS7.9AI score0.00923EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/02/03 6:52 p.m.8 views

CVE-2024-12510 LDAP Authentication Sever Pass-back attack

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup...

6.7CVSS6.7AI score0.00923EPSS
Exploits0References1
nessus
nessus
added 2025/01/23 12:0 a.m.24 views

JetBrains YouTrack 2024.3.55417 Multiple Vulnerabilities

The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.55417. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024355417 advisory. - In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...

8.8CVSS5.6AI score0.00587EPSS
Exploits0References4
nvd
nvd
added 2025/01/21 6:15 p.m.23 views

CVE-2025-24456

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...

8.8CVSS0.00276EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/21 5:23 p.m.18 views

CVE-2025-24456

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...

6.7CVSS0.00276EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/01/21 5:23 p.m.8 views

CVE-2025-24456

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...

6.7CVSS7.5AI score0.00276EPSS
Exploits0References1
cve
cve
added 2025/01/21 5:23 p.m.64 views

CVE-2025-24456

CVE-2025-24456 affects JetBrains Hub; multiple sources confirm a privilege escalation via LDAP authentication mapping in Hub before version 2024.3.55417. Affected product/version: JetBrains Hub prior to 2024.3.55417. Root cause: privilege escalation through LDAP authentication mapping. Impact: el...

8.8CVSS7.6AI score0.00276EPSS
Exploits0References1Affected Software1
veracode
veracode
added 2025/01/14 7:36 a.m.8 views

Race Condition

pgAdmin is vulnerable to Race Condition. The vulnerability is due to improper session handling in server mode with LDAP authentication, where simultaneous login attempts can result in users being attached to another user's session...

8CVSS6.6AI score0.00447EPSS
Exploits0References7Affected Software1
metasploit
metasploit
added 2025/01/09 6:57 p.m.588 views

Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password

Pandora FMS is a monitoring solution that provides full observability for your organization's technology. This module exploits an command injection vulnerability in the LDAP authentication mechanism of Pandora FMS. You need have admin access at the Pandora FMS Web application in order to execute...

9.8CVSS9.4AI score0.9123EPSS
Exploits2
osv
osv
added 2025/01/09 9:31 a.m.5 views

GHSA-7W6R-748W-MH52 pgAdmin has Incorrect Default Permissions

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS7.8AI score0.00447EPSS
Exploits0References7
github
github
added 2025/01/09 9:31 a.m.15 views

pgAdmin has Incorrect Default Permissions

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS7AI score0.00447EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2025/01/09 8:15 a.m.6 views

CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS5.8AI score0.00447EPSS
Exploits0References3
nvd
nvd
added 2025/01/09 8:15 a.m.12 views

CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS0.00447EPSS
Exploits0References2
cve
cve
added 2025/01/09 7:26 a.m.84 views

CVE-2023-1907

Summary: CVE-2023-1907 affects pgAdmin4. When logging in to pgAdmin in server mode with LDAP authentication, multiple simultaneous connection attempts may cause a user to be attached to another user’s session. The related open-source/OSV entries indicate a fix for this issue in pgAdmin4 (e.g., OS...

8CVSS7.9AI score0.00447EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2025/01/09 7:26 a.m.7 views

CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS7.3AI score0.00447EPSS
Exploits0References2
cvelist
cvelist
added 2025/01/09 7:26 a.m.17 views

CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS0.00447EPSS
Exploits0References2
cve
cve
added 2024/12/19 8:10 p.m.48 views

CVE-2024-12111

CVE-2024-12111 describes an LDAP injection vulnerability in OpenText Privileged Access Manager that can lead to authentication bypass. Affected products: OpenText Privileged Access Manager; affected versions: 23.3(4.4) and 24.3(4.5). Root cause: LDAP authentication path injection; impact: authent...

8CVSS7AI score0.00367EPSS
Exploits0References2
Rows per page
Query Builder