Security update 5.1.1.1 for Multi-Linux Manager Client Tools

This update fixes the following issues: grafana was updated from version 11.5.7 to 11.5.10: Security issues fixed: CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fix parsing HTML documents version 11.5.10 bsc12514...

Linux Distros Unpatched Vulnerability : CVE-2024-28820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers wi...

FreeBSD : security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response (e915b60e-ea25-11ef-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e915b60e-ea25-11ef-a1c0-0050569f0b83 advisory. Graham Northup reports: A buffer overflow in extractopenvpncr allows attackers with a valid LDAP userna...

CVE-2024-28820

Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...

PT-2024-22590 · Unknown +1 · Openvpn-Auth-Ldap +1

Name of the Vulnerable Software and Affected Versions: openvpn-auth-ldap version 2.0.4 Description: The issue is a buffer overflow in the extract openvpn cr function in openvpn-cr.c that allows attackers with a valid LDAP username and control over the challenge/response password field to cause a...

grafana: authentication bypass knowing only a username of an LDAP or OAuth user

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...

NetScaler Gateway : Radius Authentication Fails Intermittently Despite RADIUS Server Accept

NetScaler Gateway Authentication Scenario 1: Gateway Page would present the authentication to be done in 2 factor. First the user enters the LDAP username and password. Now there would be 2 options either user can do the touch authentication present in the MFA Application or else can wait for the...

Important: java-1.7.0-openjdk

Issue Overview: DerValue unbounded memory allocation: It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive...

Xerox Workcentre 5735 LDAP Service Redential Extractor

This module extract the printer's LDAP username and password from Xerox Workcentre 5735. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xerox Workcentre 5735 LDAP Service Redential Extractor',...