15 matches found
Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...
CVE-2026-22746 User Attribute Enumeration when Using DaoAuthenticationProvider
Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...
CVE-2026-22746
The CVE concerns Spring Security vulnerability CVE-2026-22746 where the timing-attack defense in DaoAuthenticationProvider can be bypassed when an application uses the UserDetails attributes isEnabled, isAccountNonExpired, or isAccountNonLocked to manage user status. Affected versions include Spr...
389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schema_attr_enum_callback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...
CVE-2025-14905
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schema_attr_enum_callback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...
CVE-2023-53486
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check. This combines the overflow and boundary check so that all attribute size will be properly examined while enumerating them. [ 169.181521] BUG: KASAN: slab-out-of-bounds in...
CVE-2023-53486
CVE-2023-53486 affects the Linux kernel ntfs3 implementation. The fixed issue is a combined overflow/boundary check in attribute size validation during NTFS attribute enumeration, which could lead to slab-out-of-bounds access (KASAN) when mounting or reading NTFS volumes. The description and conn...
CVE-2023-53486 fs/ntfs3: Enhance the attribute size check
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check. This combines the overflow and boundary check so that all attribute size will be properly examined while enumerating them. [ 169.181521] BUG: KASAN: slab-out-of-bounds in...
CVE-2023-53486 fs/ntfs3: Enhance the attribute size check
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check. This combines the overflow and boundary check so that all attribute size will be properly examined while enumerating them. [ 169.181521] BUG: KASAN: slab-out-of-bounds in...
CVE-2023-23951
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application...
DEBIAN-CVE-2024-52560
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr(). Extended the mi_enum_attr() function interface with an additional parameter, struct ntfs_inode *ni, to allow marking the inode as bad as soon as an error is detected...
CVE-2023-23951
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application...
Code injection
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application...
CVE-2023-23951
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application...
PT-2023-8809 · Oracle +1 · Oracle Ldap Attribute Handler +2
Name of the Vulnerable Software and Affected Versions: Broadcom Symantec Identity Manager and Symantec Identity Governance and Administration (affected versions not specified). Description: The issue is related to the Oracle LDAP Attribute Handler component, which fails to protect the web page...