Lucene search
+L

365 matches found

osv
osv
added 2026/07/08 12:6 p.m.3 views

RLSA-2026:36196 Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: Heap buffer overflow in sasliorecv via padded SASL...

8.8CVSS6.2AI score0.0067EPSS
Exploits0References3
rocky
rocky
added 2026/07/08 12:3 p.m.4 views

389-ds-base security update

An update is available for 389-ds-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The ba...

8.8CVSS6.2AI score0.0067EPSS
Exploits0
redhat
redhat
added 2026/07/07 1:5 p.m.12 views

Important: Red Hat Security Advisory: 389-ds:1.4 security update

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Comm...

8.8CVSS6.2AI score0.0067EPSS
Exploits0References3
almalinux
almalinux
added 2026/07/07 12:0 a.m.9 views

Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: Heap buffer overflow in sasliorecv via padded SASL...

8.8CVSS6.2AI score0.0067EPSS
Exploits0References6
euvd
euvd
added 2026/07/03 12:31 a.m.8 views

EUVD-2026-41456

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS6.2AI score0.00646EPSS
Exploits0References2
cve
cve
added 2026/06/23 4:18 p.m.28 views

CVE-2026-56968

CVE-2026-56968 affects GNU SASL versions prior to 2.2.4. The NTLM client’s short challenge in the function _gsasl_ntlm_client_step has inadequate sanitization, which can lead to memory disclosure when interacting with a crafted server. Public sources (SUSE, Debian OSV, Ubuntu/Ubuntu-related advis...

5.3CVSS5.8AI score0.00241EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/06/09 5:5 p.m.92 views

CVE-2026-50508

CVE-2026-50508 describes an exposure of sensitive information in Windows NTLM that enables an unauthenticated network-based spoofing capability. The vulnerability affects the Windows NTLM authentication path and is documented with a network attack vector and a high confidentiality impact. Public ...

7.5CVSS5.4AI score0.00662EPSS
Exploits0References1Affected Software6
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.19 views

PT-2026-48298

Name of the Vulnerable Software and Affected Versions MongoDB server affected versions not specified Description The server may log authentication parameters, including credentials, to the server log during SASL Simple Authentication and Security Layer authentication. This occurs when connection...

6.8CVSS5.2AI score0.00119EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.18 views

PT-2026-48124

Name of the Vulnerable Software and Affected Versions Windows NTLM affected versions not specified Description Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an attacker to perform spoofing over a network, which can affect the system. Recommendations At the...

7.8CVSS5.8AI score0.00662EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/04 9:51 p.m.8 views

CVE-2024-6858 In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN...

5.4AI score0.00143EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.10 views

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which stems from the fact that under 802.1X mode, if there are devices supporting EAPOL in the back-end VLAN,...

6.5CVSS5.3AI score0.00143EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.23 views

PT-2026-46392

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description When operating in 802.1X mode, multi-auth unauthenticated hosts may be granted unauthorized access to a switch port if an EAPOL Extensible Authentication Protocol over LAN capable device i...

6.5CVSS5.4AI score0.00143EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.27 views

PT-2026-45833

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description The SAML source response processor ResponseProcessor.parse fails to validate the Conditions element on assertions. Specifically, NotBefore, NotOnOrAfter, an...

7.5CVSS5.5AI score0.00169EPSS
Exploits0References3
cve
cve
added 2026/05/20 1:9 p.m.112 views

CVE-2026-3039

CVE-2026-3039 affects BIND 9.x when TKEY-based authentication via GSS-API tokens is used; the issue is a memory-exhaustion vulnerability triggered by malicious packets in Active Directory/Kerberos DNS setups. Affected versions span 9.0.0–9.16.50, 9.18.0–9.18.48, 9.20.0–9.20.22, 9.21.0–9.21.21, pl...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References13Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in wpa

Implementations of EAP-pwd in hostapd before version 2.10, and wpasupplicant before version 2.10, are vulnerable to side-channel attacks due to cache access patterns. NOTE: This issue exists due to an incomplete fix for CVE-2019-9495...

9.8CVSS7.1AI score0.01903EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/05/14 7:2 a.m.84 views

Exploit for CVE-2026-35333

CVE-2026-35333 strongSwan RADIUS attribute-iterator pre-auth...

5.9AI score
Exploits3
susecve
susecve
added 2026/05/05 1:45 a.m.10 views

SUSE CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

4.8CVSS5.8AI score0.00162EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/04 6:0 a.m.33 views

CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

3.7CVSS0.00162EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/29 12:0 a.m.15 views

PT-2026-36107

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description The SAML IdP implementation in the SSO module uses the AssertionConsumerServiceURL value from incoming SAML AuthnRequest messages as the destination for the SAML response without validating it agains...

8.2CVSS5.9AI score0.0028EPSS
Exploits0References7
suse
suse
added 2026/04/27 4:59 p.m.9 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

9.2CVSS5.2AI score
Exploits6References28
Rows per page
Query Builder