Lucene search
K

9 matches found

RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.14 views

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-0636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:16 a.m.6 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:59 a.m.6 views

CVE-2026-0636

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/15 8:59 a.m.75 views

CVE-2026-0636

CVE-2026-0636 affects BC-JAVA:bcprov libraries from Legion of the Bouncy Castle Inc. Affected versions are 1.49 up to but not including 1.84. The issue is an LDAP injection in LDAPStoreHelper.java caused by improper neutralization of special LDAP query elements. This results in a high-impact vuln...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2026/04/15 8:59 a.m.3 views

CVE-2026-0636 LDAP Injection Vulnerability in LDAPStoreHelper.java

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.5 views

Samba 安全漏洞

Samba is a standard Windows interoperability program suite for Linux and Unix. Samba has a security vulnerability that stems from a lack of access control checks. An attacker could exploit the vulnerability to obtain the names and retained attributes of deleted objects in the LDAP store...

4.3CVSS6.2AI score0.01168EPSS
Exploits1References3
Veracode
Veracode
added 2022/01/19 8:50 a.m.61 views

Deserialisation Of Untrusted Object

JMSSink in log4j is vulnerable to deserialization of untrusted object. The insecure use of JNDI in JMSSink allows an attacker to send malicious object in LDAP store if it is accessible by an attacker or is configured to use an untrusted site, leading to a remote code execution. Note: this...

8.8CVSS4.2AI score0.61785EPSS
Exploits0References6Affected Software93
Prion
Prion
added 2007/04/27 4:19 p.m.16 views

Default credentials

Nortel VPN Router aka Contivity 1000, 2000, 4000, and 5000 before 605.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store...

9CVSS6.8AI score0.01734EPSS
Exploits0References4
Rows per page
Query Builder