18 matches found
EUVD-2022-5048
Malicious code in bioql PyPI...
unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
GHSA-QWQ9-8RPF-8MP7 Weak Password Requirements in UnboundID LDAP SDK
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
br.com.uiltonsites:servlet-framework (=3.0.0), com.a9ski:ldap-um (=1.0.0) +496 more potentially affected by CVE-2018-1000134 via com.unboundid:unboundid-ldapsdk (>=1.1.3 <=4.0.4)
com.unboundid:unboundid-ldapsdk MAVEN version =1.1.3, =5.0.7.3, =1.0.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.1.0, =1.1.0, =3.1.2, =1.31.2, =1.25.0, =1.36.1 and more Source cves: CVE-2018-1000134 Source advisory: OSV:GHSA-QWQ9-8RPF-8MP7...
Weak Password Requirements in UnboundID LDAP SDK
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
Fedora 28 : unboundid-ldapsdk (2018-e8635ed222)
Rebase packages to version: 4.0.5 CVE-2018-1000134 has been fixed in 4.0.5 release of the UnboundID LDAP SDK for Java. A blog post has been written covering the details of this CVE and is available at https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-lda p-sdk-for-java/ Further...
RHEL 7 : Virtualization (RHSA-2018:1713)
An update for unboundid-ldapsdk is now available for Red Hat Virtualization Engine 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
[SECURITY] Fedora 28 Update: unboundid-ldapsdk-4.0.5-1.fc28
The UnboundID LDAP SDK for Java is a fast, powerful, user-friendly, and completely free Java library for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communicati o...
Fedora 26 : unboundid-ldapsdk (2018-c188d3f09a)
Rebase packages to version: 4.0.5 CVE-2018-1000134 has been fixed in 4.0.5 release of the UnboundID LDAP SDK for Java. A blog post has been written covering the details of this CVE and is available at https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-lda p-sdk-for-java/ Further...
[SECURITY] Fedora 27 Update: unboundid-ldapsdk-4.0.5-1.fc27
The UnboundID LDAP SDK for Java is a fast, powerful, user-friendly, and completely free Java library for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communicati o...
[SECURITY] Fedora 26 Update: unboundid-ldapsdk-4.0.5-1.fc26
The UnboundID LDAP SDK for Java is a fast, powerful, user-friendly, and completely free Java library for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communicati o...
UnboundID LDAP SDK Authentication Bypass Vulnerability
UnboundID LDAP SDK is a software development kit for LDAP directory servers that communicate with Java. An authentication bypass vulnerability exists in the SimpleBindRequest handler function in the UnboundID LDAP SDK commit. An attacker can exploit this vulnerability by providing a valid usernam...
CVE-2018-1000134
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
CVE-2018-1000134
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
CVE-2018-1000134
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
Improper access control
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
CVE-2018-1000134
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
CVE-2018-1000134
CVE-2018-1000134 affects the UnboundID LDAP SDK for Java. The issue is an Incorrect Access Control in the SimpleBindRequest.process function that does not check for an empty password in synchronous mode, potentially allowing authentication bypass by a valid username with an empty password. The vu...