Lucene search
+L

44 matches found

euvd
euvd
added 2022/05/10 8:34 p.m.6 views

EUVD-2022-33551

Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...

8.8CVSS9.1AI score0.02597EPSS
Exploits0References2
nessus
nessus
added 2019/12/03 12:0 a.m.41 views

Oracle Linux 7 : 389-ds-base (ELSA-2019-3981)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3981 advisory. - Resolves: Bug 1748198 - EMBARGOED CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin Tenable has extracted the preceding descriptio...

6.5CVSS6.9AI score0.01311EPSS
Exploits0References2
nessus
nessus
added 2018/10/26 12:0 a.m.38 views

Amazon Linux 2 : 389-ds-base (ALAS-2018-1094)

A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.CVE-2018-14624 A race condition was foun...

7.5CVSS6.6AI score0.0265EPSS
Exploits1References5
osv
osv
added 2018/05/16 8:24 a.m.8 views

MGASA-2018-0235 Updated spring-ldap packages fix security vulnerability

It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password CVE-2017-8028...

8.1CVSS8AI score0.02606EPSS
Exploits0References3
osv
osv
added 2018/03/14 8:0 a.m.7 views

CURL-CVE-2018-1000121 LDAP NULL pointer dereference

curl might dereference a near-NULL address when getting an LDAP URL. The function ldapgetattributeber is called to get attributes, but it turns out that it can return LDAPSUCCESS and still return a NULL pointer in the result pointer when getting a particularly crafted response. This was a surpris...

7.5CVSS8.4AI score0.09565EPSS
Exploits0
centos
centos
added 2018/01/26 1:13 a.m.116 views

389 security update

CentOS Errata and Security Advisory CESA-2018:0163 An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.5CVSS7.2AI score0.03948EPSS
Exploits0References7
nessus
nessus
added 2016/08/30 12:0 a.m.54 views

F5 Networks BIG-IP : Samba vulnerabilities (K53313971)

CVE-2016-2110 The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryptio...

5.9CVSS6.9AI score0.10232EPSS
Exploits0References3
osv
osv
added 2016/04/25 12:59 a.m.5 views

AZL-44409 CVE-2016-2110 affecting package samba 4.18.3-2

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

5.9CVSS6.7AI score0.08305EPSS
Exploits0References1
osv
osv
added 2016/04/25 12:59 a.m.8 views

CVE-2016-2110

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

5.9CVSS6.5AI score0.08305EPSS
Exploits0References42
cvelist
cvelist
added 2016/04/25 12:0 a.m.29 views

CVE-2016-2110

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

6.7AI score0.08305EPSS
Exploits0References42
osv
osv
added 2016/04/12 12:0 a.m.4 views

UBUNTU-CVE-2016-2110

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

5.9CVSS6.8AI score0.08305EPSS
Exploits0References4
nvd
nvd
added 2015/07/16 10:59 a.m.21 views

CVE-2015-2612

Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect confidentiality via vectors related to LDAP Security Adapter...

4.3CVSS5.7AI score0.01667EPSS
Exploits0References2
prion
prion
added 2015/07/16 10:59 a.m.19 views

Design/Logic Flaw

Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect confidentiality via vectors related to LDAP Security Adapter...

4.3CVSS6.2AI score0.01667EPSS
Exploits0References2Affected Software1
cve
cve
added 2015/07/16 10:0 a.m.47 views

CVE-2015-2612

The provided connected documents confirm CVE-2015-2612 affects Oracle Siebel CRM (versions 8.1.1, 8.2.2, 15.0) in the Siebel Core – Server OM Svcs component (LDAP Security Adapter). The vulnerability enables unauthenticated network access via HTTPS that can lead to unauthorized read access to Sie...

4.3CVSS5.8AI score0.01667EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2015/01/21 6:59 p.m.19 views

CVE-2015-0387

Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter...

4CVSS5.2AI score0.01113EPSS
Exploits0References4
prion
prion
added 2015/01/21 6:59 p.m.15 views

Design/Logic Flaw

Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter...

4CVSS5.6AI score0.01113EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2015/01/21 6:0 p.m.25 views

CVE-2015-0387

Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter...

5.2AI score0.01113EPSS
Exploits0References4
cve
cve
added 2015/01/21 6:0 p.m.49 views

CVE-2015-0387

CVE-2015-0387 affects Oracle Siebel CRM 8.1.1 and 8.2.2, specifically the Siebel Core - Server OM Services component (Security - LDAP Security Adapter). The issue enables remote authenticated users to affect confidentiality via LDAP-related vectors. No exploitation details or mitigation are provi...

4CVSS5.4AI score0.01113EPSS
Exploits0References4Affected Software1
atlassian
atlassian
added 2014/06/18 2:46 p.m.20 views

Removing user from LDAP doesn't clear LDAP group membership

Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...

0.9AI score
Exploits0
nvd
nvd
added 2012/08/07 9:55 p.m.9 views

CVE-2012-3429

The dnstoldapdnescape function in src/ldapconvert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names DN for LDAP queries, which allows remote DNS servers to cause a denial of service named service hang via a "$" character in a DN in a DNS query...

5CVSS8.2AI score0.03072EPSS
Exploits1References9
Rows per page
Query Builder