65 matches found

Vulnrichment
added 2026/03/31 4:3 p.m. | 1 views

CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it...

AI score: 5.9 | EPSS: 0.00042
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-5020

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.04191
Exploits: 0 | References: 20

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-0629

Malware in sbrugna...

CVSS: 9.3 | AI score: 6.2 | EPSS: 0.0075
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-52742

Malicious code in bioql PyPI...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00093
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31085

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the sessi...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00093
Exploits: 0 | References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m. | 19 views

RHEL 7 : fetchmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - fetchmail: STARTTLS session encryption bypassing (CVE-2021-39272) - report_vbuild in report.c in Fetchmail...

AI score: 7.9 | EPSS: 0.0026
Exploits: 0 | References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m. | 20 views

RHEL 6 : fetchmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - fetchmail: STARTTLS session encryption bypassing (CVE-2021-39272) - report_vbuild in report.c in Fetchmail...

AI score: 7.9 | EPSS: 0.0026
Exploits: 0 | References: 2

OSV
added 2024/04/10 9:59 p.m. | 8 views

CVE-2024-31999 @fastify/secure-session: Reuse of destroyed secure session cookie

@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.00209
Exploits: 0 | References: 4

OSV
added 2024/04/10 5:15 p.m. | 45 views

GHSA-9WWP-Q7WQ-JX35 @fastify/secure-session: Reuse of destroyed secure session cookie

Impact: At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided...

CVSS: 7.4 | AI score: 7.4 | EPSS: 0.00209
Exploits: 0 | References: 4

Tenable Nessus
added 2024/02/29 12:0 a.m. | 22 views

CentOS 9 : fetchmail-6.4.24-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the fetchmail-6.4.24-1.el9 build changelog. - report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.0026
Exploits: 0 | References: 3

Tenable Nessus
added 2023/05/04 12:0 a.m. | 25 views

Amazon Linux AMI : openldap (ALAS-2023-1741)

The version of openldap installed on the remote host is prior to 2.4.40-16.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1741 advisory. An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.7152
Exploits: 1 | References: 26

Amazon
added 2023/05/03 12:0 a.m. | 33 views

Important: openldap

Issue Overview: An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.7152
Exploits: 1

Tenable Nessus
added 2022/09/25 12:0 a.m. | 29 views

GLSA-202209-14 : Fetchmail: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202209-14 (Fetchmail: Multiple Vulnerabilities) - report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.0026
Exploits: 0 | References: 5

NVD
added 2022/06/27 9:15 p.m. | 18 views

CVE-2022-31085

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

CVSS: 6.1 | EPSS: 0.00093
Exploits: 0 | References: 3

OSV
added 2022/06/27 9:15 p.m. | 1 views

DEBIAN-CVE-2022-31085

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00093
Exploits: 0 | References: 1

OSV
added 2022/06/27 9:15 p.m. | 0 views

UBUNTU-CVE-2022-31085

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

CVSS: 6.1 | AI score: 7.2 | EPSS: 0.00093
Exploits: 0 | References: 4

Prion
added 2022/06/27 9:15 p.m. | 17 views

Design/Logic Flaw

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00093
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2022/06/27 8:55 p.m. | 17 views

CVE-2022-31085 Missing Encryption of Sensitive Data in ldap-account-manager

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00093
Exploits: 0 | References: 3

CVE
added 2022/06/27 8:55 p.m. | 85 views

CVE-2022-31085

CVE-2022-31085 affects LDAP Account Manager (LAM). In versions prior to 8.0, session files can contain LDAP usernames and passwords in clear text when the PHP OpenSSL extension is not installed or session encryption is disabled. The issue is fixed in LAM 8.0; if upgrading is not possible, enable ...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00093
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2022/06/16 12:0 a.m. | 2 views

PT-2022-3280 · Unknown +1 · Ldap Account Manager +1

Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue is related to the lack of protection for confidential information in the LDAP Account Manager web application. Exploitation of this issue may allow an attacker to obtain LDAP...

CVSS: 9 | AI score: 6.3 | EPSS: 0.01567
Exploits: 2 | References: 29