2399 matches found
EulerOS Virtualization 3.0.2.2 : openldap (EulerOS-SA-2023-1280)
According to the versions of the openldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd...
GHSA-C45C-39F6-6GW9 Rancher generated tokens not revoked after modifications made to authentication provider
Impact This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It only affects Rancher setups that have an external authentication provider configured or had one configured in the past. It was discovered that when an external...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.242)
The version of AHV installed on the remote host is prior to 20220304.242. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.242 advisory. - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - In Expat aka...
CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database...
CVE-2023-23749 Extension - miniorange - LDAP Integration - LDAP Injection (username)
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database...
CVE-2023-23749
The CVE-2023-23749 entry concerns the Joomla extension “LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login.” The root cause is improper sanitization of the POST username parameter, enabling LDAP Injection and allowing an attacker to dump arbitrary contents from the LDAP d...
K98008862: OpenLDAP vulnerability CVE-2019-13565
Security Advisory Description An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any...
LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login, 5.0.2, Other
Other : 5.0.2 Exploit Check developer for new releases...
SUSE-SU-2022:4124-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - CVE-2021-45710: Fixed tokio data race with memory corruption bsc1194119. - Update to version 2.0.16git56.d15a0a7. - Failure to migrate from openldap if pwdPolicyChecker present bsc1205146. - Resolve issue with checklist post migration when dds ...
openldap bug fix and enhancement update
An update is available for openldap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.1...
NewStart CGSL CORE 5.04 / MAIN 5.04 : openldap Multiple Vulnerabilities (NS-SA-2022-0077)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openldap packages installed that are affected by multiple vulnerabilities: - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger ...
CVE-2022-31253
An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior ...
Huawei EulerOS: Security Advisory for compat-openldap (EulerOS-SA-2022-2604)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2022-2628)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : compat-openldap (EulerOS-SA-2022-2604)
According to the versions of the compat-openldap package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd...
EulerOS 2.0 SP3 : openldap (EulerOS-SA-2022-2628)
According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via ...
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2022-2577)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.6.0 : openldap (EulerOS-SA-2022-2577)
According to the versions of the openldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend...