9 matches found
CVE-2026-14940
A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...
EUVD-2026-42042
A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...
CVE-2026-14940
Affected software/component: 389 Directory Server (389-ds-base). Vulnerability: heap-buffer-overflow in DN normalization when processing a legacy-quoted value encoding a multivalued nested RDN, causing writes past the end of a heap allocation. Attack scenario: an unauthenticated remote attacker c...
Hesperus Is Phosphorus: Mapping Threat Actor Naming Taxonomies at Scale
This paper studies the problem of Threat Actor TA naming convention inconsistency across leading Cyber Threat Intelligence CTI vendors. The current decentralized and proprietary nomenclature creates confusion and significant obstacles for researchers, including difficulties in integrating and...
BIT-MASTODON-2023-42451 Mastodon Invalid Domain Name Normalization vulnerability
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0 contai...
PT-2023-7360 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.14 Mastodon versions prior to 4.0.10 Mastodon versions prior to 4.1.8 Mastodon versions prior to 4.2.0-rc2 Description: The issue is related to a flaw in domain name normalization, which can be exploited by...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
GHSA-GWRP-PVRQ-JMWV Path Traversal and Improper Input Validation in Apache Commons IO
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
UBUNTU-CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...