15 matches found
EUVD-2020-24105
Malware in sbrugna...
CVE-2020-16093
In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...
Debian dla-3285 : libapache-session-browseable-perl - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3285 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3285-1 [email protected]...
Debian dla-3284 : libapache-session-ldap-perl - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3284 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3284-1 [email protected]...
[SECURITY] [DLA 3287-1] lemonldap-ng security update
Debian LTS Advisory DLA-3287-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS Package : lemonldap-ng Version : 2.0.2+ds-7+deb10u8 CVE ID : CVE-2020-16093 CVE-2022-37186 Two vulnerabilities were found in lemonldap-ng, an...
CVE-2020-16093
creationtimestamp| type| source ---|---|--- 2023-01-27 07:34:06+00:00| seen| https://t.me/cibsecurity/57022 2023-01-27 07:43:28+00:00| seen| https://t.me/VulnerabilityNews/31665 2023-01-27 07:43:29+00:00| seen| https://t.me/VulnerabilityNews/31666 2025-03-28 18:28:21+00:00|...
Design/Logic Flaw
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...
Design/Logic Flaw
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...
CVE-2020-36659
CVE-2020-36659 affects Apache::Session::Browseable (before 1.3.6) where X.509 certificate validation is not enforced by default for remote LDAP backends due to Net::LDAPS default config. This vulnerability is tied to LemonLDAP::NG and its Apache::Session dependencies; Debian and OpenVAS advisorie...
CVE-2020-36658
CVE-2020-36658 affects Apache::Session::LDAP prior to 0.5, where validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends because the Net::LDAPS Perl module default is used. This can enable spoofing or exposure of sensitive information if an attacker tri...
CVE-2020-36659
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...
CVE-2020-36659
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...
CVE-2020-36658
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...
CVE-2020-36659
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...
CVE-2020-16093
CVE-2020-16093 affects LemonLDAP::NG prior to 2.0.9 where X.509 certificate validation is not performed by default when connecting to remote LDAP backends due to Net::LDAPS Perl config. The Debian LTS advisory DLA-3287-1 fixes this for Debian 10 by upgrading lemonldap-ng to 2.0.2+ds-7+deb10u8 (an...