51 matches found
Astra Linux - vulnerability in Samba
A flaw was discovered in Samba. Users of Samba AD can cause the server to access uninitialized data through an LDAP add or modify request, typically resulting in a segmentation fault...
Wireshark 1.8.x < 1.8.10 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 1.8.10. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.8.10 advisory. - Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before...
K000160292: Curl vulnerability CVE-2025-14524
Security Advisory Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. CVE-2025-14524 Impact The...
CVE-2025-14524
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
ALPINE-CVE-2025-14524
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
CVE-2025-14524 bearer token leak on cross-protocol redirect
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
EUVD-2019-4325
Malware in sbrugna...
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...
ROS-20250905-07
A vulnerability in the user locking mechanism of the Vault Enterprise and Vault Community Edition enterprise data archiving platforms is due to the application not performing the correct normalization of the application. Enterprise and Vault Community Edition is related to the fact that the...
CVE-2019-12736
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...
CVE-2025-21376
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability...
CVE-2024-49124 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
...
Moderate: Red Hat Security Advisory: redhat-ds:11 security and bug fix update
An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
SUSE CVE-2008-1562
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740...
SUSE CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Cisco multiple product licensing issues vulnerabilities
Cisco Email Security Appliance (ESA) and Cisco Secure Email are both products of Cisco USA. Cisco Email Security Appliance is an email security appliance. Cisco Secure Email (formerly Email Security) provides the best protection for your email from cyber threats. An authorizati...
PT-2022-2587
Name of the Vulnerable Software and Affected Versions curl versions 7.33.0 through 7.82.0 Description An improper authentication issue exists, potentially allowing the reuse of OAUTH2-authenticated connections without ensuring the connection was authenticated with the same credentials as set for...
RLSA-2021:4511 Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876) curl: TELNET stack contents disclosure...
SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts
SharpSpray is a Windows domain password spraying tool written in .NET C#. Introduction SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and...
ownCloud: Protocol Smuggling over LDAP password field
Privileges required: Admin Hi, "userldap" plugin can be leveraged to interact with internal services over various protocols. LDAP password field can be exploited with newline chars \r\n in order to communicate with protocols like SMTP, Redis and, generally speaking, with all services that speak...