44 matches found
EUVD-2022-33551
Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...
Oracle Linux 7 : 389-ds-base (ELSA-2019-3981)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3981 advisory. - Resolves: Bug 1748198 - EMBARGOED CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin Tenable has extracted the preceding descriptio...
Amazon Linux 2 : 389-ds-base (ALAS-2018-1094)
A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.CVE-2018-14624 A race condition was foun...
MGASA-2018-0235 Updated spring-ldap packages fix security vulnerability
It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password CVE-2017-8028...
CURL-CVE-2018-1000121 LDAP NULL pointer dereference
curl might dereference a near-NULL address when getting an LDAP URL. The function ldapgetattributeber is called to get attributes, but it turns out that it can return LDAPSUCCESS and still return a NULL pointer in the result pointer when getting a particularly crafted response. This was a surpris...
389 security update
CentOS Errata and Security Advisory CESA-2018:0163 An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
F5 Networks BIG-IP : Samba vulnerabilities (K53313971)
CVE-2016-2110 The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryptio...
AZL-44409 CVE-2016-2110 affecting package samba 4.18.3-2
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...
CVE-2016-2110
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...
CVE-2016-2110
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...
UBUNTU-CVE-2016-2110
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...
CVE-2015-2612
Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect confidentiality via vectors related to LDAP Security Adapter...
Design/Logic Flaw
Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect confidentiality via vectors related to LDAP Security Adapter...
CVE-2015-2612
The provided connected documents confirm CVE-2015-2612 affects Oracle Siebel CRM (versions 8.1.1, 8.2.2, 15.0) in the Siebel Core – Server OM Svcs component (LDAP Security Adapter). The vulnerability enables unauthenticated network access via HTTPS that can lead to unauthorized read access to Sie...
CVE-2015-0387
Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter...
Design/Logic Flaw
Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter...
CVE-2015-0387
Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter...
CVE-2015-0387
CVE-2015-0387 affects Oracle Siebel CRM 8.1.1 and 8.2.2, specifically the Siebel Core - Server OM Services component (Security - LDAP Security Adapter). The issue enables remote authenticated users to affect confidentiality via LDAP-related vectors. No exploitation details or mitigation are provi...
Removing user from LDAP doesn't clear LDAP group membership
Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...
CVE-2012-3429
The dnstoldapdnescape function in src/ldapconvert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names DN for LDAP queries, which allows remote DNS servers to cause a denial of service named service hang via a "$" character in a DN in a DNS query...