226 matches found
GnuTLS library vulnerability that allows an attacker to cause a denial of service
The GnuTLS library vulnerability is related to an error in freeing memory. Exploiting this vulnerability could allow a remote attacker to cause a denial of service by submitting an excessively long DistinguishedName (DN) parameter...
DEBIAN-CVE-2015-6251
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate...
UBUNTU-CVE-2015-6251
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate...
Design/Logic Flaw
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2014-3577
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
IBM Business Process Manager - User Account Reconfiguration
No description provided by source. Exploit Title: IBM BMPS BPM User account reconfiguration/Privilege Escalation/Information Disclosure Date: 31.01.14 Exploit Author: 0in Software link: http://www-03.ibm.com/software/products/en/business-process-manager-family/ Version: 8.0.1.1 newest versions ca...
DEBIAN-CVE-2014-3465
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN...
UBUNTU-CVE-2013-7258
Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI."...
CVE-2013-4283
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request...
DEBIAN-CVE-2013-4283
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request...
Cross site request forgery (csrf)
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request...
UBUNTU-CVE-2013-4283
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request...
MGASA-2013-0263 Updated 389-ds-base package fixes security vulnerabilities and incorrect group usage
Updated 389-ds-base packages fix security vulnerabilities: It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker with permission to query the Directory Server could use this flaw to determine th...
389-ds-base: ns-slapd crash due to bogus DN
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request...
Scientific Linux Security Update : sssd on SL6.x i386/x86_64 (20130319)
When SSSD was configured as a Microsoft Active Directory client by using the new Active Directory provider (introduced in SLSA-2013:0508), the Simple Access Provider ('access_provider = simple' in '/etc/sssd/sssd.conf') did not handle access control correctly. If any groups were specified with the...
Moderate: Red Hat Security Advisory: rsyslog security, bug fix, and enhancement update
Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap
The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query...
CVE-2009-5073
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested group that contains the Distinguished Name (DN) of its parent entry...