2399 matches found
CBL Mariner 2.0 Security Update: openldap (CVE-2022-29155)
The version of openldap installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29155 advisory. - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the...
Debian: Security Advisory (DLA-203-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-309-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Hitachi Energy Gateway Station
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Gateway Station GWS Vulnerabilities: NULL Pointer Dereference, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause affected modules to...
Amazon Linux 2 : openldap (ALAS-2023-1958)
The version of openldap installed on the remote host is prior to 2.4.44-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1958 advisory. In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend ...
Amazon Linux AMI : openldap (ALAS-2023-1691)
The version of openldap installed on the remote host is prior to 2.4.40-16.32. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1691 advisory. In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backen...
K16343: OpenLDAP vulnerabilities CVE-2015-1545 and CVE-2015-1546
Security Advisory Description CVE-2015-1545 The derefparseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an empty attribute list in a deref control in a search request...
K56241216: OpenLDAP vulnerabilities CVE-2020-25709 and CVE-2020-25710
Security Advisory Description CVE-2020-25709 A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. CVE-2020-25710...
K45243961: OpenLDAP vulnerability CVE-2020-12243
Security Advisory Description In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. CVE-2020-12243 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K17460: OpenLDAP vulnerability CVE-2015-6908
Security Advisory Description The bergetnext function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd. CVE-2015-6908 Impact A...
K16882: OpenLDAP vulnerability CVE-2013-4449
Security Advisory Description Description The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the...
Critical: openldap
Issue Overview: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of...
Critical: openldap
Issue Overview: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of...
SUSE CVE-2005-2069
pamldap and nssldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password...
SUSE CVE-2006-1470
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service crash via an invalid LDAP request that triggers an assert error...
SUSE CVE-2006-4600
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List ACL privileges to modify arbitrary Distinguished Names DN...
SUSE CVE-2006-5779
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service daemon crash via LDAP BIND requests with long authcid names, which triggers an assertion failure...
SUSE CVE-2007-5708
slapo-pcache overlays/pcache.c in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service segmentation fault v...
SUSE CVE-2007-5707
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service slapd crash via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent...
SUSE CVE-2007-6698
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service crash via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability...