EUVD-2021-26643

Malware in sbrugna...

EUVD-2007-5764

Malware in sbrugna...

EUVD-2020-24104

Malware in sbrugna...

EUVD-2024-19887

Malicious code in bioql PyPI...

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

PT-2025-3081 · Teedy · Teedy

Name of the Vulnerable Software and Affected Versions: Teedy versions 1.9 through 1.12 Description: The issue arises when the LDAP connection is activated, allowing an unauthenticated attacker to exploit the username field of the login form due to improper sanitization of user input. This enables...

Log4Shell HTTP Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...

389-ds security update

1.4.3.39-7 - Bump version to 1.4.3.39-7 - Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. rhel-8.10.0.z 1.4.3.39-6 - Bump version to 1.4.3.39-6 - Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is...

Credential Leakage

org.keycloak, keycloak-core is vulnerable to Credential Leakage. The vulnerability is due to a lack of proper validation and enforcement when administrators change the LDAP Connection URL without requiring re-entry of the currently configured LDAP bind credentials. The vulnerability allows an...

CVE-2024-22326

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518...

CVE-2024-22326 IBM System Storage improper authentication

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518...

Oracle Linux 5 : nss_ldap (ELSA-2008-0389)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2008-0389 advisory. 253-12 - rebuild 253-11 - backport changes to group parsing from version 254 to fix heap corruption when parsing nested groups 444031 253-10 - remove unnecessar...

SUSE CVE-2007-5794

Race condition in nssldap, when used in applications that are linked against the pthread library and fork after a call to nssldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong...

dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake fails

A flaw was found in dotnet, where the System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if the Transport Layer Security TLS handshake fails. This flaw allows an attacker to intercept sensitive information. The highest threat from this vulnerability is to...

PT-2021-7948 · Microsoft +4 · System.Directoryservices.Protocols +4

Name of the Vulnerable Software and Affected Versions: System.DirectoryServices.Protocols version 5.0.0 Description: A information disclosure issue exists where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on Linux. This could allow a remote attacker to...

RHEL 7 : java-1.8.0-ibm (RHSA-2021:0717)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0717 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

RHEL 8 : java-1.8.0-ibm (RHSA-2021:0736)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0736 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

Critical: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Critical: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CentOS 8 : java-1.8.0-openjdk (CESA-2020:4347)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4347 advisory. - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces Serialization, 8236862 CVE-2020-14779 - OpenJDK: Credentials se...