
22 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in samba

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 6.6 | EPSS 0.09838
Exploits: 0 | References: 1
EUVD
added 2026/03/20 3:31 p.m. | 1 view

EUVD-2026-13692

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 5
CVE
added 2026/03/20 12:0 a.m. | 3 views

CVE-2026-33369

Zimbra Collaboration (ZCS) versions 10.0 and 10.1 are affected by an LDAP injection in the Mailbox SOAP service during a FolderAction operation. The vulnerability arises because user input is not properly sanitized before being incorporated into an LDAP search filter, enabling an authenticated at...

CVSS 4.3 | AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/03/20 12:0 a.m. | 18 views

CVE-2026-33369

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

EPSS 0.00068
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/20 12:0 a.m. | 1 view

PT-2026-26613

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 6
OSV
added 2026/03/04 1:33 p.m. | 3 views

CLSA-2026-1772631219 python3: Fix of 5 CVEs

CVE-2024-12718: extractall: re-apply the filter at directory-attribute fixup, skip fixup if the entry is no longer a directory - CVE-2025-4138: datafilter: strip .. components from symlink targets in datafilter to prevent traversal via symlinks in the link target - CVE-2025-4330: re-apply filter...

CVSS 9.4 | AI score 5.8 | EPSS 0.01012
Exploits: 14 | References: 1
Tenable Nessus
added 2025/11/17 12:0 a.m. | 3 views

Alibaba Cloud Linux 3 : 0167: sssd (ALINUX3-SA-2025:0167)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0167 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-11561: A flaw was found in the integration...

CVSS 8.8 | AI score 5.6 | EPSS 0.00046
Exploits: 0 | References: 2
RedHat Linux
added 2025/11/12 3:39 a.m. | 4 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 6
RedHat Linux
added 2025/11/11 3:28 p.m. | 4 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 6
RedHat Linux
added 2025/11/06 2:35 a.m. | 2 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 6
OSV
added 2025/10/31 2:13 p.m. | 2 views

OESA-2025-2579 sssd security update

SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. Security Fixes: A flaw was...

CVSS 8.8 | AI score 7.1 | EPSS 0.00046
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/28 12:0 a.m. | 3 views

Amazon Linux 2023 : libipa_hbac, libipa_hbac-devel, libsss_autofs (ALAS2023-2025-1249)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1249 advisory. A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication...

CVSS 8.8 | AI score 5.5 | EPSS 0.00046
Exploits: 0 | References: 4
Vulnrichment
added 2025/10/09 1:37 p.m. | 1 view

CVE-2025-11561 Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

CVSS 8.8 | AI score 6.1 | EPSS 0.00046
Exploits: 0 | References: 28
EUVD
added 2025/10/09 1:37 p.m. | 2 views

EUVD-2025-33347

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin sssdkrb5localauthplugin, allowing an attacker with permission to modify certain AD...

CVSS 8.8 | AI score 6 | EPSS 0.00046
Exploits: 0 | References: 4
CNNVD
added 2025/04/27 12:0 a.m. | 1 view

Check Point Mobile Access security vulnerability

Check Point Mobile Access is a secure and easy solution from Check Point Israel. It is used for smartphones, tablets or PCs to securely connect to corporate applications over the Internet. A security vulnerability exists in Check Point Mobile Access R82 and prior versions, which originates from a...

CVSS 5.4 | AI score 6.5 | EPSS 0.00141
Exploits: 0 | References: 4
CNNVD
added 2021/11/08 12:0 a.m. | 3 views

Deciso OPNsense cross-site scripting vulnerability

OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso Inc. A cross-site scripting vulnerability exists in versions prior to OPNsense 21.7.4. An attacker can exploit the vulnerability by returning LDAP attributes in the authentication tester to conduct...

CVSS 6.1 | AI score 5.3 | EPSS 0.01015
Exploits: 1 | References: 4
RedHat Linux
added 2021/07/20 9:35 p.m. | 0 views

samba: Out of bounds read in AD DC LDAP server

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 6.8 | EPSS 0.09838
Exploits: 0 | References: 5
OSV
added 2021/05/12 2:15 p.m. | 2 views

AZL-7353 CVE-2021-20277 affecting package samba 4.12.5-7

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 6.9 | EPSS 0.09838
Exploits: 0 | References: 1
OSV
added 2021/05/12 2:15 p.m. | 1 view

ALPINE-CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 6.6 | EPSS 0.09838
Exploits: 0 | References: 1
OSV
added 2021/05/12 2:15 p.m. | 1 view

DEBIAN-CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 6.8 | EPSS 0.09838
Exploits: 0 | References: 1