Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/18 2:44 p.m.27 views

CVE-2026-11791 389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS0.00212EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 2:44 p.m.8 views

EUVD-2026-37902

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS5.2AI score0.00212EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-50687

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists during schema reload where the attr syntax swap ht function unconditionally frees attribute syntax information nodes. This action bypasses the refcount-based deferr...

5CVSS5.8AI score0.00212EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/05/21 9:31 p.m.17 views

Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

6AI score0.00056EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder