9 matches found
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...
Linux Distros Unpatched Vulnerability : CVE-2026-0636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov...
LDAP Injection
Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...
CVE-2026-0636
Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...
CVE-2026-0636
CVE-2026-0636 affects BC-JAVA:bcprov libraries from Legion of the Bouncy Castle Inc. Affected versions are 1.49 up to but not including 1.84. The issue is an LDAP injection in LDAPStoreHelper.java caused by improper neutralization of special LDAP query elements. This results in a high-impact vuln...
CVE-2026-0636 LDAP Injection Vulnerability in LDAPStoreHelper.java
Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...
Samba 安全漏洞
Samba is a standard Windows interoperability program suite for Linux and Unix. Samba has a security vulnerability that stems from a lack of access control checks. An attacker could exploit the vulnerability to obtain the names and retained attributes of deleted objects in the LDAP store...
Deserialisation Of Untrusted Object
JMSSink in log4j is vulnerable to deserialization of untrusted object. The insecure use of JNDI in JMSSink allows an attacker to send malicious object in LDAP store if it is accessible by an attacker or is configured to use an untrusted site, leading to a remote code execution. Note: this...
Default credentials
Nortel VPN Router aka Contivity 1000, 2000, 4000, and 5000 before 605.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store...