pkg:Debian/lemonldap-ng

All known vulnerabilities

• CRITICAL9.8CVE-2019-19791In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/RE…
  from 0, < 2.0.7+ds-1
• CRITICAL9.8CVE-2023-28862lemonldap-ng - security update
  from 0, < 2.0.11+ds-4+deb11u4
• CRITICAL9.8CVE-2023-28862lemonldap-ng - security update
  from 0, < 2.0.2+ds-7+deb10u9
• CRITICAL9.8CVE-2021-40874An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13.
  from 0, < 2.0.11+ds-4+deb11u1
• CRITICAL9.8CVE-2019-15941lemonldap-ng - security update
  from 0, < 2.0.6+ds-1
• CRITICAL9.8CVE-2019-15941lemonldap-ng - security update
  from 0, < 2.0.2+ds-7+deb10u2
• CRITICAL9.8CVE-2019-12046lemonldap-ng - security update
  from 0, < 1.9.7-3+deb9u1
• CRITICAL9.8CVE-2019-12046lemonldap-ng - security update
  from 0, < 2.0.2+ds-7+deb10u1
• CRITICAL9.8CVE-2019-12046lemonldap-ng - security update
  from 0, < 1.3.3-1+deb8u1
• CRITICAL9.1CVE-2021-35473An issue was discovered in LemonLDAP::NG before 2.0.12.
  from 0, < 2.0.11+ds-4
• CRITICAL9.1CVE-2024-45160Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication vi…
  from 0, < 2.19.2+ds-1
• HIGH8.8CVE-2024-52946An issue was discovered in LemonLDAP::NG before 2.20.1.
  from 0, < 2.0.11+ds-4+deb11u6
• HIGH8.8CVE-2021-35472lemonldap-ng - security update
  from 0, < 2.0.2+ds-7+deb10u6
• HIGH8.8CVE-2021-35472lemonldap-ng - security update
  from 0, < 2.0.11+ds-4
• HIGH8.1CVE-2019-13031lemonldap-ng - security update
  from 0, < 1.3.3-1+deb8u2
• HIGH8.1CVE-2019-13031lemonldap-ng - security update
  from 0, < 2.0.0+ds-1
• HIGH8.0CVE-2025-59518In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail.
  from 0, < 2.0.11+ds-4+deb11u8
• HIGH7.5CVE-2020-16093lemonldap-ng - security update
  from 0, < 2.0.9+ds-1
• HIGH7.5CVE-2020-16093lemonldap-ng - security update
  from 0, < 2.0.2+ds-7+deb10u8
• HIGH7.2CVE-2025-31510lemonldap-ng - security update
  from 0, < 2.16.1+ds-deb12u6
• HIGH7.2CVE-2025-31510lemonldap-ng - security update
  from 0, < 2.0.11+ds-4+deb11u7
• HIGH7.2CVE-2025-31510lemonldap-ng - security update
  from 0, < 2.0.11+ds-4+deb11u7
• MEDIUM6.5CVE-2020-24660Lack of URL normalization may lead to authorization bypass when URL access rules are used
  from 0, < 2.0.2+ds-7+deb10u5
• MEDIUM6.5CVE-2020-24660Lack of URL normalization may lead to authorization bypass when URL access rules are used
  from 0, < 2.0.9+ds-1
• MEDIUM6.5CVE-2020-24660Lack of URL normalization may lead to authorization bypass when URL access rules are used
  from 0, < 1.9.7-3+deb9u4
• MEDIUM6.1CVE-2024-48933lemonldap-ng - security update
  from 0, < 2.0.11+ds-4+deb11u6
• MEDIUM6.1CVE-2024-48933lemonldap-ng - security update
  from 0, < 2.0.11+ds-4+deb11u6
• MEDIUM5.9CVE-2022-37186In LemonLDAP::NG before 2.0.15.
  from 0, < 2.0.11+ds-4+deb11u2
• MEDIUM5.4CVE-2024-52947A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML vi…
  from 0, < 2.0.11+ds-4+deb11u6
• MEDIUM4.3CVE-2023-44469lemonldap-ng - security update
  from 0, < 2.0.2+ds-7+deb10u10
• MEDIUM4.3CVE-2023-44469lemonldap-ng - security update
  from 0, < 2.0.11+ds-4+deb11u5
• —CVE-2012-6426LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass…
  from 0, < 1.2.2-3
• —CVE-2024-52948(no summary)
  from 0, < 2.0.11+ds-4+deb11u8