169 matches found
PT-2025-15528 · Microsoft · Windows Ldap +1
Name of the Vulnerable Software and Affected Versions: Windows LDAP affected versions not specified Description: The issue concerns uncontrolled resource consumption in Windows LDAP, allowing an unauthorized attacker to deny service over a network. This can lead to a denial-of-service attack...
Vulnerability fixed in Synology DiskStation Manager
Synology has fixed a vulnerability in Synology DiskStation Manager DSM. The vulnerability is located in the LDAP functionality of Synology DiskStation Manager. This vulnerability can be exploited by man-in-the-middle attackers, allowing unauthorized interception of administrator authentication...
CVE-2025-27497 OpenDJ Denial of Service (Dos) using alias loop
OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 contains a denial-of-service DoS vulnerability that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsear...
MinIO allows an SFTP authentication bypass due to improperly trusted SSH key
Summary A bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. Details On a MinIO server with SFTP access configured and using LDAP as an external identity provider, MinIO supports SSH key based authentication fo...
GHSA-WC79-7X8X-2P58 MinIO allows an SFTP authentication bypass due to improperly trusted SSH key
Summary A bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. Details On a MinIO server with SFTP access configured and using LDAP as an external identity provider, MinIO supports SSH key based authentication fo...
CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers MFPs were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs Firmware Version: 57.69.91 and earlier This issue has been assigned the following CVEs: CVE-2024-1251...
CVE-2025-21376 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
...
PT-2025-6319 · Microsoft · Windows Ldap +1
Name of the Vulnerable Software and Affected Versions: Windows Lightweight Directory Access Protocol LDAP affected versions not specified Description: The issue is related to the implementation of the Lightweight Directory Access Protocol LDAP in Windows, caused by synchronization errors when usi...
CVE-2024-56841
A vulnerability has been identified in Mendix LDAP All versions V1.1.2. Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification...
CVE-2024-56841
A vulnerability has been identified in Mendix LDAP All versions V1.1.2. Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification...
CVE-2024-56841
A vulnerability has been identified in Mendix LDAP All versions V1.1.2. Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification...
About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
About Remote Code Execution - Windows Lightweight Directory Access Protocol LDAP CVE-2024-49112. The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare , and a...
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2024-49112-PoC CVE-2024-49112 LDAP RCE PoC and Metasploit...
Exploit for Integer Overflow or Wraparound in Microsoft
PoC exploit for CVE-2024-49112 is uncertain. It is an offensive...
Exploit for Integer Overflow or Wraparound in Microsoft
PoC exploit for CVE-2024-49113, a Windows Server vulnerability...
CISCO-SA-20190306-NXOSLDAP
creationtimestamp| type| source ---|---|--- 2024-12-17 06:41:52+00:00| seen| https://social.circl.lu/users/vulnerabilitylookup/statuses/113666794632028669...
CVE-2024-49127
CVE-2024-49127 is a Windows LDAP Remote Code Execution vulnerability in the LDAP component of Domain Controllers. The CVSS shows high impact (C/H, I/H, A/H) with network access required and no user interaction. The exploitation path involves an attacker obtaining network access to the DC and issu...
CVE-2024-49121
CVE-2024-49121 is an LDAP Denial-of-Service vulnerability in Windows LDAP (Domain Controller). The connected advisory confirms the LDAP issue as a DoS risk and notes that Microsoft has released fixes via updates; applying the relevant Windows security updates is the recommended remediation. MITRE...
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
...