852 matches found
Apache Airflow 安全漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow FAB Auth Manager,...
curl: lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window
Summary: curl's generic LDAP backend lib/ldap.c does not disable automatic LDAP referral chasing, unlike lib/openldap.c, which explicitly sets LDAPOPTREFERRALS to LDAPOPTOFF. As a result, a malicious first-hop LDAP server can return a referral to an attacker-controlled second LDAP server and caus...
CVE-2026-41076
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...
EUVD-2026-31504
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...
CVE-2026-41076 RT: LDAP authentication bypass via empty password
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...
CVE-2026-44930
Technical details are not publicly available in the provided documents. Monitor for updates.
Unity Linux 20.1060e / 20.1070e Security Update: logback (UTSA-2026-016687)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016687 advisory. In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to...
CVE-2026-44052
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...
CVE-2026-44063
An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input...
CVE-2026-44052
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...
CVE-2026-44052 LDAP simple-bind password exposure in log output
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...
Netatalk 日志信息泄露漏洞
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contained a vulnerability related to log information leakage. This vulnerability stemmed from...
PT-2026-42409
Name of the Vulnerable Software and Affected Versions Netatalk versions 2.1.0 through 4.4.2 Description Netatalk inserts LDAP simple-bind passwords into log output in cleartext. This allows an attacker with access to the log files to obtain LDAP credentials. Recommendations Update to version 4.4....
CVE-2026-9064 389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
Astra Linux – Vulnerability in Zabbix
The request to LDAP is sent before checking the user permissions...
Astra Linux – Vulnerability in Bouncycastle
The Bouncy Castle For Java version prior to 1.74 is affected by an LDAP injection vulnerability. This vulnerability only affects applications that use the LDAP CertStore provided by Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the...
Astra Linux – Vulnerability in Samba
A vulnerability related to information leaks was discovered in Samba’s LDAP server. Due to missing access control checks, a authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...
Astra Linux – Vulnerability in curl
There is an improper authentication vulnerability in curl versions 7.33.0 through and including 7.82.0. This vulnerability may allow for the reuse of OAUTH2-authenticated connections without ensuring that the connection was authentically verified with the same credentials used for this transfer...
Astra Linux – Vulnerability in Derby
A cleverly designed username can bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could allow an attacker to create unnecessary Derby databases, thereby filling up storage space. In LDAP-authenticated Derby installations, the attacker could also execute malware...
CVE-2026-41919
Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...