Lucene search
K

116 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.28 views

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in OpenLDAP (CVE-2015-6908)

Summary A vulnerability in OpenLDAP affects IBM Security Access Manager appliances. Vulnerability Details CVEID: CVE-2015-6908 DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by an assertion error in the bergetnext function. By sending a specially-crafted packet, a remote...

5CVSS1.6AI score0.19984EPSS
Exploits1Affected Software3
Tenable Nessus
Tenable Nessus
added 2017/06/02 12:0 a.m.72 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenLDAP vulnerability (USN-3307-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3307-1 advisory. Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash,...

6.5CVSS6.8AI score0.07143EPSS
Exploits1References2
CNVD
CNVD
added 2015/09/15 12:0 a.m.4 views

OpenLDAP Denial of Service Vulnerability (CNVD-2015-06013)

OpenLDAP is a free and open source implementation of the Lightweight Directory Access Protocol LDAP from the OpenLDAP Foundation in the United States, which is included in Linux distributions. A security vulnerability in the 'bergetnext' function in the libraries/liblber/io.c file in OpenLDAP...

5CVSS8.4AI score0.19984EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.7 views

Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities in the openldap package up to version 2.2.28-r3 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

7.2CVSS5.5AI score0.00463EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.5 views

The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the openldap-2.3.43 package for the CentOS operating system can be exploited, leading to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely by a malicious individual who has completed the...

4.6CVSS5.5AI score0.02959EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2015/04/01 2:59 p.m.7 views

CVE-2014-9713

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors...

5.9AI score
Exploits0References5
OSV
OSV
added 2015/02/12 4:59 p.m.6 views

CVE-2015-1546

Double free vulnerability in the getvrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service crash via a crafted search query with a matched values control...

6.3AI score
Exploits0References10
OSV
OSV
added 2015/02/12 4:59 p.m.9 views

CVE-2015-1545

The derefparseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an empty attribute list in a deref control in a search request...

6.3AI score
Exploits0References19
OSV
OSV
added 2014/02/05 6:55 p.m.7 views

CVE-2013-4449

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the session context while it is being used by...

4.3CVSS6.3AI score0.10913EPSS
Exploits1References16
OSV
OSV
added 2011/10/27 8:55 p.m.4 views

CVE-2011-4079

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service slapd crash via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry...

6.5AI score
Exploits0References10
Positive Technologies
Positive Technologies
added 2011/10/27 12:0 a.m.3 views

PT-2011-1193 · Openldap · Openldap

Name of the Vulnerable Software and Affected Versions: OpenLDAP versions 2.4.26 and earlier Description: The issue is related to an off-by-one error in the UTF8StringNormalize function, which can be exploited by remote attackers to cause a denial of service slapd crash via a zero-length string...

6.8CVSS6.7AI score0.03713EPSS
Exploits0References14
OSV
OSV
added 2011/03/20 2:0 a.m.7 views

CVE-2011-1081

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service daemon crash via a relative Distinguished Name DN modification request aka MODRDN operation that contains an empty value for the OldDN field...

6.3AI score
Exploits0References21
OSV
OSV
added 2011/03/20 2:0 a.m.8 views

CVE-2011-1024

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicyforwardupdates aka authentication-failure forwarding is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a sla...

6.4AI score
Exploits0References21
OSV
OSV
added 2010/07/28 12:48 p.m.7 views

CVE-2010-0211

The slapmodrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smrnormalize function, which allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a modrdn call with an RDN string containing...

9.8CVSS9.6AI score
Exploits0References24
OSV
OSV
added 2009/10/23 7:30 p.m.8 views

CVE-2009-3767

libraries/libldap/tlso.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi...

5.9AI score
Exploits0References19
OpenVAS
OpenVAS
added 2009/02/27 12:0 a.m.31 views

CentOS Update for compat-openldap CESA-2008:0110 centos5 i386

Check for the Version of compat-openldap OpenVAS Vulnerability Test CentOS Update for compat-openldap CESA-2008:0110 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

4CVSS7.5AI score0.03053EPSS
Exploits4References2
OSV
OSV
added 2008/07/17 12:0 a.m.2 views

DTSA-151-1 openldap - denial of service

Bulletin has no description...

5CVSS6.3AI score0.13173EPSS
Exploits0
OSV
OSV
added 2008/07/01 9:41 p.m.7 views

CVE-2008-2952

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...

6.3AI score
Exploits0References31
NVD
NVD
added 2004/09/07 4:0 a.m.22 views

CVE-2004-0823

OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed crypt passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed...

7.5CVSS6.5AI score0.02739EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.19 views

GLSA-200403-12 : OpenLDAP DoS Vulnerability

The remote host is affected by the vulnerability described in GLSA-200403-12 OpenLDAP DoS Vulnerability A password extended operation password EXOP which fails will cause the slapd server to free an uninitialized pointer, possibly resulting in a segfault. This only affects servers using the...

5CVSS5.6AI score0.026EPSS
Exploits0References3
Rows per page
Query Builder