23 matches found
EUVD-2026-22701
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...
GHSA-PFX2-9X9M-7GHX OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...
CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...
OpenStack Keystone security vulnerability
OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 28.0.1 had security vulnerabilities. These vulnerabilities stemmed from the fact that the LDAP identity backend did not convert user enablement properties in...
[SECURITY] Fedora 42 Update: bind-dyndb-ldap-11.11-7.fc42
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Backstage security vulnerability
Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage version 1.25.0, which originates from an instance of Backstage with the Directory Backend plugin installed, where a malicious actor with...
SUSE CVE-2011-1529
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors...
SUSE CVE-2018-12422
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the...
LemonLDAP::NG trust management issue vulnerability
LemonLDAP::NG is a web single sign-on and access management software. A security vulnerability exists in LemonLDAP::NG version 2.0.8, which stems from a default failure to check the validity of X.509 certificates when connecting to a remote LDAP backend, due to the use of the default configuratio...
Phamm 'login_form' function cross-site scripting vulnerability
Phamm is a PHP-based web hosting manager that supports multiple roles with access rights to manage virtual services using an LDAP backend. A cross-site scripting vulnerability exists in the 'login_form' function of the views/helpers.php file in versions of Phamm prior to 0.6.7. A remote attacker c...
krb5: NULL pointer dereference when using a ticket policy name as a password policy name
If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal...
krb5: NULL pointer dereference when using a ticket policy name as a password policy name
If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal...
krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind...
openstack-keystone: unintentional role granting with Keystone LDAP backend
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...
DEBIAN-CVE-2011-1528
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the...
DEBIAN-CVE-2011-1527
The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, relate...
krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the...
DEBIAN-CVE-2011-0281
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape...
Cryptographic Issues
Overview: Affected versions of this package are vulnerable to Cryptographic Issues. The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and...