MidnightBSD

Advisories for net-ldap_project

CVE-2014-0083 LOW

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-916,

Products Affected

Vendor Product Version
net-ldap_project net-ldap *
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2017-17718 MEDIUM

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
net-ldap_project net-ldap 0.2.1
net-ldap_project net-ldap 0.11
net-ldap_project net-ldap 0.13.0
net-ldap_project net-ldap 0.14.0
net-ldap_project net-ldap 0.2.2
net-ldap_project net-ldap 0.1.1
net-ldap_project net-ldap 0.9.0
net-ldap_project net-ldap 0.8.0
net-ldap_project net-ldap 0.10.0
net-ldap_project net-ldap 0.10.1
net-ldap_project net-ldap 0.2
net-ldap_project net-ldap 0.0.5
net-ldap_project net-ldap 0.6.1
net-ldap_project net-ldap 0.1.0
net-ldap_project net-ldap 0.3.1
net-ldap_project net-ldap 0.5.1
net-ldap_project net-ldap 0.6.0
net-ldap_project net-ldap 0.3.0
net-ldap_project net-ldap 0.15.0
net-ldap_project net-ldap 0.7.0
net-ldap_project net-ldap 0.12.0
net-ldap_project net-ldap 0.12.1