37 matches found
389 Directory Server 输入验证错误漏洞
389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...
EUVD-2026-35856
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...
CVE-2026-9735
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...
MongoDB Server 日志信息泄露漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...
CVE-2026-47784
A flaw was found in memcached. This vulnerability involves a timing side channel during SASL Simple Authentication and Security Layer password database authentication. A remote attacker could potentially exploit the timing differences in the password verification process to infer sensitive passwo...
CVE-2026-47784
The CVE concerns memcached prior to 1.6.42, where SASL password data used for authentication is exposed to a timing side-channel via memcmp in sasl_server_userdb_checkpass. Affected versions are before 1.6.42; upgrading to 1.6.42 or later is the supported remediation per the release notes. The vu...
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...
PT-2026-42110
Name of the Vulnerable Software and Affected Versions memcached versions prior to 1.6.42 Description Password data for SASL password database authentication contains a timing side channel. This occurs because the sasl server userdb checkpass function utilizes memcmp, which can allow an attacker t...
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...
CVE-2026-6691
A flaw was found in the MongoDB C Driver's Cyrus SASL integration. This vulnerability, a heap buffer overflow, occurs due to unsafe string copying during username canonicalization. A remote attacker can exploit this by providing untrusted input in the username of a MongoDB URI with...
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...
Astra Linux – Vulnerability in cyrus-sasl2
In Cyrus SASL 2.1.17 through 2.1.27 up to 2.1.28, the plugins/sql.c file does not escape the password used in SQL INSERT or UPDATE statements...
curl: ignoring 'options' when doing connection reuse
libcurl contains a significant logic flaw in its connection pool matching mechanism. When a transfer specifies a required authentication policy—such as a specific SASL mechanism e.g., ;AUTH=GSSAPI or a restricted set of SSH authentication types CURLOPTSSHAUTHTYPES—libcurl fails to verify these...
OESA-2025-2396 ongres-scram security update
Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...
Malicious code in simple-auth-manager-ui (npm)
--- -= Per source details. Do not edit below this line.=-...
Apache Kafka 安全漏洞
Apache Kafka is an open source distributed streaming platform from the Apache USA Foundation. The platform is capable of fetching real-time data for building applications that react in real-time to changes in data streams. A security vulnerability exists in Apache Kafka that stems from a...
CVE-2024-34162
The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As...
CVE-2019-13045
...
PT-2024-25724 · Sharp +1 · Multiple Mfps
Name of the Vulnerable Software and Affected Versions: No specific product names, model numbers, or versions are mentioned in the provided descriptions. Description: The issue concerns the web interface of affected devices, which is designed to hide LDAP credentials from administrative users...