111 matches found
SUSE-SU-2026:21208-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894). - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895). -...
OPENSUSE-SU-2026:20554-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894). - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895). -...
CVE-2026-25560
WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.161-0.b14.el7 (AXSA:2018-2516:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2516:01 advisory. Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass...
EUVD-2005-2302
Malware in sbrugna...
EUVD-2014-5242
Malware in sbrugna...
EUVD-2012-3396
Malware in sbrugna...
EUVD-2008-1678
Malware in sbrugna...
EUVD-2021-20345
Malware in sbrugna...
EUVD-2012-2134
Malware in sbrugna...
EUVD-2024-32233
Malicious code in bioql PyPI...
CVE-2022-22975
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used ...
Linux Distros Unpatched Vulnerability : CVE-2014-5353
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP,...
Metasploit Weekly Wrap-Up 01/31/25
ESC4 Detection: This week, Metasploit’s jheysel-r7 updated the existing ldap_esc_vulnerable_cert_finder module to include detecting template objects that can be written to by the authenticated user. This means the module can now identify instances of ESC4 from the perspective of the account that the...
GO-2022-0939 Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker in github.com/StevenWeathers/thunderdome-planning-poker
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker in github.com/StevenWeathers/thunderdome-planning-poker...
ROS-20240806-17
The 389 Directory Server vulnerability is related to the creation of a special LDAP query that has the potential to cause a failure on the directory server. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...
SUSE CVE-2024-3657
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...
CVE-2024-3657
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...