Debian/lemonldap-ng — 33 CVEs · VulnScope

pkg:Debian/lemonldap-ng

33 total CVEsCRITICAL11HIGH11MEDIUM9

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2019-19791In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/RE…
from 0, < 2.0.7+ds-1
CRITICAL9.8CVE-2023-28862lemonldap-ng - security update
from 0, < 2.0.11+ds-4+deb11u4
CRITICAL9.8CVE-2023-28862lemonldap-ng - security update
from 0, < 2.0.2+ds-7+deb10u9
CRITICAL9.8An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13.
from 0, < 2.0.11+ds-4+deb11u1
CRITICAL9.8lemonldap-ng - security update
from 0, < 2.0.6+ds-1
CRITICAL9.8lemonldap-ng - security update
from 0, < 2.0.2+ds-7+deb10u2
CRITICAL9.8lemonldap-ng - security update
from 0, < 1.9.7-3+deb9u1
CRITICAL9.8lemonldap-ng - security update
from 0, < 2.0.2+ds-7+deb10u1
CRITICAL9.8lemonldap-ng - security update
from 0, < 1.3.3-1+deb8u1
CRITICAL9.1An issue was discovered in LemonLDAP::NG before 2.0.12.
from 0, < 2.0.11+ds-4
CRITICAL9.1Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication vi…
from 0, < 2.19.2+ds-1
HIGH8.8An issue was discovered in LemonLDAP::NG before 2.20.1.
from 0, < 2.0.11+ds-4+deb11u6
HIGH8.8lemonldap-ng - security update
from 0, < 2.0.2+ds-7+deb10u6
HIGH8.8lemonldap-ng - security update
from 0, < 2.0.11+ds-4
HIGH8.1lemonldap-ng - security update
from 0, < 1.3.3-1+deb8u2
HIGH8.1lemonldap-ng - security update
from 0, < 2.0.0+ds-1
HIGH8.0In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail.
from 0, < 2.0.11+ds-4+deb11u8
HIGH7.5lemonldap-ng - security update
from 0, < 2.0.9+ds-1
HIGH7.5lemonldap-ng - security update
from 0, < 2.0.2+ds-7+deb10u8
HIGH7.2lemonldap-ng - security update
from 0, < 2.16.1+ds-deb12u6
HIGH7.2lemonldap-ng - security update
from 0, < 2.0.11+ds-4+deb11u7
HIGH7.2lemonldap-ng - security update
from 0, < 2.0.11+ds-4+deb11u7
MEDIUM6.5lemonldap-ng - security update
from 0, < 2.0.2+ds-7+deb10u5
MEDIUM6.5lemonldap-ng - security update
from 0, < 2.0.9+ds-1
MEDIUM6.5lemonldap-ng - security update
from 0, < 1.9.7-3+deb9u4
MEDIUM6.1lemonldap-ng - security update
from 0, < 2.0.11+ds-4+deb11u6
MEDIUM6.1lemonldap-ng - security update
from 0, < 2.0.11+ds-4+deb11u6
MEDIUM5.9In LemonLDAP::NG before 2.0.15.
from 0, < 2.0.11+ds-4+deb11u2
MEDIUM5.4A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML vi…
from 0, < 2.0.11+ds-4+deb11u6
MEDIUM4.3lemonldap-ng - security update
from 0, < 2.0.2+ds-7+deb10u10
MEDIUM4.3lemonldap-ng - security update
from 0, < 2.0.11+ds-4+deb11u5
—LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass…
from 0, < 1.2.2-3
—(no summary)
from 0, < 2.0.11+ds-4+deb11u8