
6 matches found

Positive Technologies
added 4 days ago, 10 views

PT-2026-51252

Name of the Vulnerable Software and Affected Versions: lemonldap-ng versions prior to 2.23.1. Description: An issue exists in the SAML Common Domain Cookie Endpoint within the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm. A remote attacker can perform a manipulation of the url argument...

CVSS 5.3, AI score 5.8, EPSS 0.00264
Exploits: 0, References: 12
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-1371

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.02342
Exploits: 1, References: 10
Tenable Nessus
added 2025/08/20 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-35473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token...

CVSS 9.1, AI score 5.8, EPSS 0.00404
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 6:44 a.m., 5 views

CVE-2019-15941

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with weaker access control rules than the...

CVSS 9.8, AI score 6.6, EPSS 0.02197
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 4:16 a.m., 10 views

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

CVSS 7.5, AI score 6.9, EPSS 0.01552
Exploits: 0, References: 1
CNNVD
added 2022/07/17 12:0 a.m., 5 views

LemonLDAP::NG Trust Management Issue Vulnerability

LemonLDAP::NG is a web single sign-on and access management software. A security vulnerability exists in LemonLDAP::NG version 2.0.8, which stems from a default failure to check the validity of X.509 certificates when connecting to a remote LDAP backend, due to the use of the default configuratio...

CVSS 7.5, AI score 7.4, EPSS 0.00559
Exploits: 1, References: 5