Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lemonldap:: vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-16093
In LemonLDAP::NG (aka lemonldap-ng) up to and including 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
Lemonldap-ng Lemonldap\\ \\
Debian Debian Linux 10.0
5.9
CVSSv3
CVE-2022-37186
In LemonLDAP::NG prior to 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed...
Lemonldap-ng Lemonldap\\ \\
4.3
CVSSv3
CVE-2023-44469
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG prior to 2.17.1 allows authenticated remote malicious users to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
Lemonldap-ng Lemonldap\\ \\
NA
CVE-2012-6426
LemonLDAP::NG prior to 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote malicious users to bypass intended access-control restrictions via crafted SAML data.
Lemonldap-ng Lemonldap\\ \\
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2