11 matches found
Oracle Linux 8 : 389-ds:1.4 (ELSA-2026-26459)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26459 advisory. - Resolves: RHEL-178076 - CVE-2026-9064 389-ds:1.4/389-ds-base: unbounded LDAP controls count in getldapmessagecontrolsext causes CPU and heap amplification...
UBUNTU-CVE-2026-9064
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
CVE-2026-40193
maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the updateUser function in LDAPUserImporterImpl.java. A user can read user email addresses in log files. Remediation Upgrade com.liferay:com.liferay.portal.security.ldap.impl to versi...
EUVD-2001-0048
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-31084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 There are...
Medium: 389-ds-base
Issue Overview: A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a faile...
OpenText eDirectory 安全漏洞
OpenText eDirectory is an identity management infrastructure platform that combines identity management architecture and directory services technology from OpenText Canada. The platform provides authentication policies, data backup and recovery services, and data disaster recovery. A security...
IBM Security Directory Server Path Traversal Vulnerability
IBM Security Directory Server is a suite of enterprise identity management software from International Business Machines IBM that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. A security vulnerability exists i...
The vulnerability of the LDAP service protocol implementation in Microsoft Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the LDAP service protocol implementation in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by transmitting specially crafted data...
Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools 'LDAP' Subware
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle Corporation, and PeopleSoft Enterprise PeopleTools is one of the tools and technology components that transforms the way organizations manage, use, and maintain their PeopleSoft software. PeopleSoft...