389 Directory Server 输入验证错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...

CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

CVE-2026-47784

A flaw was found in memcached. This vulnerability involves a timing side channel during SASL Simple Authentication and Security Layer password database authentication. A remote attacker could potentially exploit the timing differences in the password verification process to infer sensitive passwo...

OESA-2025-2396 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...

SUSE CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs...