3 matches found
CVE-2026-57962
The CVE-2026-57962 vulnerability affects the Thunderbird LDAP client used for address-book autocomplete. A malicious LDAP server can push arbitrarily large attacker-supplied data into Thunderbird, causing memory exhaustion and a DoS. Root cause: unbounded data accepted by the LDAP client during a...
CVE-2026-3048
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...