Lucene search
K

230 matches found

NVD
NVD
added yesterday4 views

CVE-2026-14940

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-14940

Affected software/component: 389 Directory Server (389-ds-base). Vulnerability: heap-buffer-overflow in DN normalization when processing a legacy-quoted value encoding a multivalued nested RDN, causing writes past the end of a heap allocation. Attack scenario: an unauthenticated remote attacker c...

5.3CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added yesterday7 views

CVE-2026-14940 389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42042

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51108

Name of the Vulnerable Software and Affected Versions OpenBao affected versions not specified Description An issue exists in the shared LDAP utility library sdk/helper/ldaputil/client.go used by the LDAP authentication backend and OpenLDAP secrets engine. The GetUserDN function incorrectly uses...

6.8CVSS6AI score
Exploits0References7
OSV
OSV
added 2026/06/17 6:35 p.m.4 views

GHSA-X96M-RH44-VGV8 Apache Shiro: LDAP DN Injection in DefaultLdapRealm

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

8.8CVSS5.4AI score0.00494EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 2:17 p.m.25 views

CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

9.1CVSS0.00494EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 2:17 p.m.5 views

DEBIAN-CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

9.1CVSS5.4AI score0.00494EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 2:17 p.m.4 views

UBUNTU-CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

9.1CVSS5.9AI score0.00494EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 1:7 p.m.29 views

CVE-2026-49268

The CVE-2026-49268 issue affects Apache Shiro’s DefaultLdapRealm where user input is concatenated into the LDAP DN template without escaping RFC 2253 characters. This LDAP DN injection can alter the bind DN, potentially bypassing authentication or impersonating other users. Technical details conf...

9.1CVSS5.4AI score0.00494EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/17 1:7 p.m.20 views

CVE-2026-49268 Apache Shiro: LDAP DN Injection in DefaultLdapRealm

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

8.8CVSS0.00494EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/17 1:7 p.m.6 views

CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

9.1CVSS5.5AI score0.00494EPSS
Exploits0
EUVD
EUVD
added 2026/06/17 1:7 p.m.9 views

EUVD-2026-37701

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

8.8CVSS5.4AI score0.00494EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-48333

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.24 Spring Security versions 5.8.0 through 5.8.26 Spring Security versions 6.3.0 through 6.3.17 Spring Security versions 6.4.0 through 6.4.17 Spring Security versions 6.5.0 through 6.5.10 Description T...

8.1CVSS5.8AI score0.00116EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2025-13392

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...

9.8CVSS6.6AI score0.00533EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/03 12:0 a.m.7 views

Security update for ovmf (important)

openSUSE security update: security update for ovmf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20875-1 Rating: important References: bsc1261469 bsc1261476 bsc1261477 bsc1261478 Cross-References: CVE-2026-25833 CVE-2026-25834 CVE-2026-25835...

8.7CVSS6AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 9:33 a.m.8 views

SUSE-SU-2026:22016-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...

7.7CVSS5.6AI score0.00308EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/05/27 4:50 p.m.71 views

Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator

Description X509Authenticator implements client-certificate mTLS authentication: the web server validates the client's certificate against a trusted CA, then passes the certificate's Subject DN Distinguished Name: a string like CN=Alice,O=Example,[email protected] to Symfony via...

5.8AI score0.00069EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/05/27 4:50 p.m.5 views

GHSA-PH86-P8F6-F9R2 Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator

Description X509Authenticator implements client-certificate mTLS authentication: the web server validates the client's certificate against a trusted CA, then passes the certificate's Subject DN Distinguished Name: a string like CN=Alice,O=Example,[email protected] to Symfony via...

8.7CVSS5.8AI score0.00069EPSS
Exploits0References6
NVD
NVD
added 2026/05/27 9:16 a.m.17 views

CVE-2025-13392

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...

9.8CVSS0.00533EPSS
Exploits0References1
Rows per page
Query Builder