Lucene search
+L

720 matches found

RedHat Linux
RedHat Linux
added 2026/07/08 12:25 p.m.8 views

Important: Red Hat Security Advisory: 389-ds-base security update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS6.2AI score0.0067EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 12:0 a.m.7 views

ALSA-2026:36201 Important: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: Heap buffer overflow in sasliorecv via padded SASL...

8.8CVSS6.2AI score0.0067EPSS
Exploits0References6
NVD
NVD
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS0.00646EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-57962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied...

5.3CVSS6AI score0.00203EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/01 12:58 a.m.6 views

CVE-2026-57962

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS6AI score0.00203EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.10 views

RHEL 9 : redhat-ds:12 (RHSA-2026:26639)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26639 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP...

7.5CVSS6AI score0.00815EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/17 1:55 a.m.15 views

Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS5.4AI score0.00815EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 1:51 a.m.8 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/17 1:24 a.m.8 views

Important: Red Hat Security Advisory: 389-ds-base security update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

7.5CVSS5.4AI score0.00815EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 12:50 a.m.18 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.9 views

RHEL 10 : 389-ds-base (RHSA-2026:26457)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26457 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server...

7.5CVSS6AI score0.00815EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.12 views

RHEL 8 : redhat-ds:11 (RHSA-2026:26461)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26461 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP...

7.5CVSS6AI score0.00815EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.11 views

RHEL 10 : 389-ds-base (RHSA-2026:26456)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26456 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server...

7.5CVSS6.1AI score0.00815EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2026/06/17 12:0 a.m.7 views

Important: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: unbounded LDAP controls count in...

7.5CVSS5.9AI score0.00815EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.11 views

CVE-2026-11788

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

7.5CVSS0.00346EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/09 1:2 p.m.11 views

CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS5.7AI score0.00282EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 1:2 p.m.11 views

CVE-2026-11788 389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

5.9CVSS5.5AI score0.00346EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-11789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted passwor...

6.5CVSS5.4AI score0.00282EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:42 a.m.15 views

CVE-2026-9801

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/20 9:0 a.m.7 views

CVE-2026-9064 389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.8AI score0.00815EPSS
Exploits0References19
Rows per page
Query Builder