Known Vulnerabilities for Lemur by Netflix
Listed below are 2 of the newest known vulnerabilities associated with "Lemur" by "Netflix".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44305 json | Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authenti... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-44304 json | Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LD... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2023-30797 json | Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficientl... | 7.5 - HIGH | 2023-04-19 | 2023-05-01 |
| CVE-2015-7764 json | Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. | 7.5 - HIGH | 2017-08-09 | 2019-12-11 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netflix | Lemur | 0.5 | |||
| Application | Netflix | Lemur | 0.4 | |||
| Application | Netflix | Lemur | 0.3.0 | |||
| Application | Netflix | Lemur | 0.2.2 | |||
| Application | Netflix | Lemur | 0.2.1 | |||
| Application | Netflix | Lemur | 0.2.0 | |||
| Application | Netflix | Lemur | 0.1.5 | |||
| Application | Netflix | Lemur | 0.1.4 |