
2399 matches found

AlpineLinux
added 2022/05/04 7:06 p.m., 124 views

CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

CVSS 9.8, AI score 9.8, EPSS 0.13614
Exploits: 1
CNNVD
added 2022/05/04 12:00 a.m., 2 views

OpenLDAP SQL injection vulnerability

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol LDAP from the Openldap Foundation in the United States. A security vulnerability exists in OpenLDAP version 2.x up to and including version 2.5.12, and version 2.6.x up to and including version 2.6.2, which ste...

CVSS 9.8, AI score 8.1, EPSS 0.13614
Exploits: 1, References: 18
curl security advisories
added 2022/04/27 8:00 a.m., 3 views

OAUTH2 bearer bypass in connection reuse

libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTPS, IMAPS, POP3S and LDAPS OpenLDAP only. libcurl maintains a pool of live connection...

CVSS 8.1, AI score 6.4, EPSS 0.00339
Exploits: 1, References: 1, Affected Software: 2
UbuntuCve
added 2022/04/27 6:00 a.m., 45 views

CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

CVSS 8.1, AI score 6.8, EPSS 0.00339
Exploits: 1, References: 2
ICS
added 2022/04/26 12:00 a.m., 39 views

Hitachi Energy System Data Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2. RISK...

CVSS 7.5, AI score 7.6, EPSS 0.35675
Exploits: 1, References: 4
CBLMariner
added 2022/04/09 6:51 a.m., 16 views

CVE-2015-3276 affecting package openldap for versions less than 2.4.57-5

CVE-2015-3276 affecting package openldap for versions less than 2.4.57-5. A patched version of the package is available...

CVSS 7.5, AI score 7.5, EPSS 0.02575
Exploits: 0
CBLMariner
added 2022/04/09 6:51 a.m., 12 views

CVE-2021-27212 affecting package openldap for versions less than 2.4.57-5

CVE-2021-27212 affecting package openldap for versions less than 2.4.57-5. A patched version of the package is available...

CVSS 7.5, AI score 7.8, EPSS 0.25115
Exploits: 1
Amazon
added 2022/04/07 12:00 a.m., 36 views

Medium: openldap

Issue Overview: A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. CVE-2020-25709 A flaw was found in OpenLDAP...

CVSS 7.5, AI score 7.7, EPSS 0.35675
Exploits: 0
Tenable Nessus
added 2022/04/06 12:00 a.m., 82 views

Amazon Linux 2 : openldap (ALAS-2022-1770)

The version of openldap installed on the remote host is prior to 2.4.44-23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1770 advisory. A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP'...

CVSS 7.5, AI score 7.3, EPSS 0.35675
Exploits: 0, References: 5
Hacker One
added 2022/03/30 12:47 p.m., 130 views

curl: CVE-2022-22576: OAUTH2 bearer bypass in connection re-use

Summary: A cached connection authenticated with the OAUTH2 mechanisms can be reused by a subsequent request even if the bearer is not correct. This affects SASL-enabled protocols: SMTPS, IMAPS, POP3S and LDAPS openldap only. An application that can be accessed by more than one user such as a...

CVSS 5.5, AI score 1.5, EPSS 0.00339
Exploits: 1
OSV
added 2022/03/10 12:36 p.m., 3 views

CLSA-2022-1646915783 Fix of CVE: CVE-2021-27212

CVE-2021-27212: a malicious packet can force OpenLDAP to fail an assertion and crash...

CVSS 7.5, AI score 7.1, EPSS 0.25115
Exploits: 1, References: 1
Photon
added 2022/03/03 12:00 a.m., 70 views

Critical Photon OS Security Update - PHSA-2022-0476

Updates of 'mariadb', 'go', 'expat' packages of Photon OS have been released...

CVSS 9.8, AI score 6.8, EPSS 0.07704
Exploits: 5
OpenVAS
added 2022/02/26 12:00 a.m., 18 views

CentOS: Security Advisory for openldap (CESA-2022:0621)

The remote host is missing an update for the...

CVSS 7.5, AI score 7.8, EPSS 0.35675
Exploits: 0, References: 2
Cent OS
added 2022/02/25 3:36 p.m., 104 views

openldap security update

CentOS Errata and Security Advisory CESA-2022:0621 An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 7.5, AI score 7.1, EPSS 0.35675
Exploits: 0, References: 7
Tenable Nessus
added 2022/02/25 12:00 a.m., 158 views

CentOS 7 : openldap (RHSA-2022:0621)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0621 advisory. - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an...

CVSS 7.5, AI score 7.4, EPSS 0.35675
Exploits: 0, References: 3
Tenable Nessus
added 2022/02/24 12:00 a.m., 24 views

Scientific Linux Security Update : openldap on SL7.x i686/x86_64 (2022:0621)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0621-1 advisory. - openldap: assertion failure in Certificate List syntax validation CVE-2020-25709 - openldap: assertion failure in CSN normalization with invali...

CVSS 7.5, AI score 7.5, EPSS 0.35675
Exploits: 0, References: 3
Tenable Nessus
added 2022/02/24 12:00 a.m., 326 views

Slackware Linux 14.2 / 15.0 / current cyrus-sasl Multiple Vulnerabilities (SSA:2022-055-01)

The version of cyrus-sasl installed on the remote host is prior to 2.1.28. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-055-01 advisory. - cyrus-sasl aka Cyrus SASL 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in...

CVSS 8.8, AI score 7.7, EPSS 0.00481
Exploits: 1, References: 2
Tenable Nessus
added 2022/02/23 12:00 a.m., 85 views

Oracle Linux 7 : openldap (ELSA-2022-0621)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0621 advisory. - Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation 2040539 Tenable has extracted the preceding description block...

CVSS 7.5, AI score 7.6, EPSS 0.35675
Exploits: 0, References: 3
Oracle linux
added 2022/02/23 12:00 a.m., 360 views

openldap security update

2.4.44-25 - Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation 2040539 - Fix CVE-2020-25710 openldap: assertion failure in CSN normalization with invalid input 2040538...

CVSS 7.5, AI score 1.3, EPSS 0.35675
Exploits: 0
RedHat Linux
added 2022/02/22 5:11 p.m., 93 views

Moderate: Red Hat Security Advisory: openldap security update

An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 7.5, AI score 7.1, EPSS 0.35675
Exploits: 0, References: 3