CVE-2026-46776

Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware component: OUD Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Unified...

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVE-2026-34294

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Microsoft Active Directory. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Orac...

EUVD-2026-24380

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Microsoft Active Directory. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Orac...

CVE-2020-17477

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory via LDAP search requests. For example, a teacher can gain...

EUVD-2005-2512

Malware in sbrugna...

EUVD-2020-4831

Malware in sbrugna...

EUVD-2021-17568

Malware in sbrugna...

EUVD-2020-9429

Malware in sbrugna...

EUVD-2019-0378

Malware in sbrugna...

EUVD-2022-37397

Malicious code in bioql PyPI...

curl: curl ASSERTs when accessing an LDAP URL

Summary: curl can crash when accessing an LDAP URL. curl ldap://localhost:1388 curl: result.c:930: tryread1msg: Assertion !BERBVISEMPTY &resoid ' failed. Aborted core dumped No AI was used in the production of this report. This was enabled by oss-fuzz, but initiated by me adding LDAP support to...

CVE-2024-22326

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518...

Linux Distros Unpatched Vulnerability : CVE-2013-0199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the 1 ipaNTTrustAuthIncoming and 2 ipaNTTrustAuthOutgoing attributes, which allow...

PT-2024-14128 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.12 Description: The issue is related to LDAP injection when authentication is made against a LDAP server. This can be exploited by a remote attacker to perform LDAP injection using the authentication form. The...

PT-2023-11480 · Unknown · Ucs@School

Name of the Vulnerable Software and Affected Versions: UCS@school versions prior to 4.4v5-errata Description: The issue is related to incorrect LDAP ACLs in ucs-school-ldap-acls-master, allowing remote teachers, staff, and school administrators to read LDAP password hashes, including...

PT-2022-6585 · Apache · Apache Streampark

Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 1.0.0 through 2.0.0 Description: The issue is related to an LDAP injection vulnerability, which is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an...

CVE-2020-12529

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports...

Design/Logic Flaw

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports...

CVE-2020-12529

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports...