Lucene search
K

9 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-14940

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42042

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS5.9AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-14940

Affected software/component: 389 Directory Server (389-ds-base). Vulnerability: heap-buffer-overflow in DN normalization when processing a legacy-quoted value encoding a multivalued nested RDN, causing writes past the end of a heap allocation. Attack scenario: an unauthenticated remote attacker c...

5.3CVSS5.9AI score0.00307EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/11/30 12:0 a.m.5 views

Hesperus Is Phosphorus: Mapping Threat Actor Naming Taxonomies at Scale

This paper studies the problem of Threat Actor TA naming convention inconsistency across leading Cyber Threat Intelligence CTI vendors. The current decentralized and proprietary nomenclature creates confusion and significant obstacles for researchers, including difficulties in integrating and...

6.6AI score
Exploits0
OSV
OSV
added 2024/03/06 10:55 a.m.16 views

BIT-MASTODON-2023-42451 Mastodon Invalid Domain Name Normalization vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0 contai...

7.5CVSS7AI score0.0057EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.13 views

PT-2023-7360 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.14 Mastodon versions prior to 4.0.10 Mastodon versions prior to 4.1.8 Mastodon versions prior to 4.2.0-rc2 Description: The issue is related to a flaw in domain name normalization, which can be exploited by...

7.5CVSS7.2AI score0.0057EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2021/08/19 7:17 a.m.3 views

apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

5.8CVSS6.9AI score0.10608EPSS
Exploits1References4
OSV
OSV
added 2021/04/26 4:4 p.m.3 views

GHSA-GWRP-PVRQ-JMWV Path Traversal and Improper Input Validation in Apache Commons IO

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

4.8CVSS6.8AI score0.10608EPSS
Exploits1References50
OSV
OSV
added 2021/04/13 7:15 a.m.2 views

UBUNTU-CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

4.8CVSS6.8AI score0.10608EPSS
Exploits1References5
Rows per page
Query Builder