
2399 matches found

RedhatCVE
added 2025/05/23 3:19 a.m., 3 views

CVE-2023-23749

The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database...

CVSS 7.5 | AI score 7.3 | EPSS 0.00302
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:25 a.m., 7 views

CVE-2013-5185

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network...

CVSS 4.3 | AI score 5.9 | EPSS 0.00134
Exploits: 1 | References: 1

Tenable Nessus
added 2025/05/14 12:0 a.m., 5 views

Alibaba Cloud Linux 3 : 0215: openldap bug fix and enhancement update (Low) (ALINUX3-SA-2024:0215)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0215 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-2953: A vulnerability was found in openlda...

CVSS 7.5 | AI score 6.9 | EPSS 0.01419
Exploits: 0 | References: 2

Rockylinux
added 2025/05/07 7:13 p.m., 4 views

openldap bug fix and enhancement update

An update is available for openldap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.4...

AI score 6.8
Exploits: 0

OSV
added 2025/05/07 7:11 p.m., 2 views

RLSA-2024:4264 Low: openldap security update

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Security Fixes: openldap: null pointer dereference in bermemallo...

CVSS 7.1 | AI score 8.7 | EPSS 0.01419
Exploits: 0 | References: 2

Rockylinux
added 2025/05/07 7:11 p.m., 7 views

openldap bug fix update

An update is available for openldap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenLDAP is an open-source suite of Lightweight Directory Access Protocol LD...

AI score 7
Exploits: 0

Rockylinux
added 2025/05/07 7:11 p.m., 5 views

openldap security update

An update is available for openldap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenLDAP is an open-source suite of Lightweight Directory Access Protocol LD...

CVSS 7.5 | AI score 8.1 | EPSS 0.01419
Exploits: 0

Tenable Nessus
added 2025/05/07 12:0 a.m., 6 views

RockyLinux 8 : openldap (RLSA-2024:4264)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4264 advisory. openldap: null pointer dereference in ber_memalloc_x function (CVE-2023-2953). Tenable has extracted the preceding description block directly from the RockyLinux...

CVSS 7.5 | AI score 7 | EPSS 0.01419
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2023-2953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x function. (CVE-2023-2953) Note that Nessus relies on t...

CVSS 7.5 | AI score 6.7 | EPSS 0.01419
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-9287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd b...

CVSS 6.5 | AI score 6.7 | EPSS 0.2275
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2019-19906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The...

CVSS 7.5 | AI score 7.4 | EPSS 0.00481
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2015-3276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause...

CVSS 7.5 | AI score 6.7 | EPSS 0.02575
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2019-13057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN database admin privileges for certain databases...

CVSS 4.9 | AI score 6.2 | EPSS 0.0057
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2014-8182

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an...

CVSS 7.5 | AI score 6.8 | EPSS 0.05125
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-15719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN ev...

CVSS 4.2 | AI score 6.7 | EPSS 0.00216
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-13565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd...

CVSS 7.5 | AI score 6.6 | EPSS 0.04191
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-12243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. CVE-2020-12243...

CVSS 7.5 | AI score 6.5 | EPSS 0.11875
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2009-3767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name ...

CVSS 6.8 | AI score 7.1 | EPSS 0.022
Exploits: 5 | References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2010-0212

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenLDAP 2.4.22 allows remote attackers to cause a denial of service crash via a modrdn call with a zero-length RDN destination string, which is not properly...

CVSS 5 | AI score 7.3 | EPSS 0.66867
Exploits: 1 | References: 2

Rosalinux
added 2025/02/15 10:9 p.m., 4 views

Advisory ROSA-SA-2025-2686

Software: openldap 2.4.46 OS: ROSA Virtualization 3.0 packageevrstring: openldap-2.4.46-18.0.1 CVE-ID: CVE-2022-29155 BDU-ID: 2022-03203 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the OpenLDAP protocol implementation is related to failure to take measures to protect the SQL query structure...

CVSS 9.8 | AI score 7.2 | EPSS 0.13614
Exploits: 1