Lucene search
K

394 matches found

Tenable Nessus
Tenable Nessus
added 2024/07/02 12:0 a.m.26 views

RHEL 8 : 389-ds (RHSA-2024:4235)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4235 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP...

7.5CVSS6.8AI score0.01256EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2024/06/18 6:22 p.m.54 views

K000140040: OpenLDAP slapd vulnerabilities CVE-2020-36230, CVE-2020-36229, CVE-2017-17740, CVE-2017-9287, and CVE-2017-14159

Security Advisory Description CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c bernextelement, resulting in denial of service. CVE-2020-36229 A flaw was discovered in ldapX509dn2bv in OpenLDAP before 2.4.57...

7.5CVSS6.5AI score0.1229EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.16 views

RHEL 7 : openldap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: ACL restrictions bypass due to saslssf value being set permanently CVE-2019-13565 -...

7.5CVSS6.9AI score0.05015EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/05/28 12:4 p.m.24 views

CVE-2024-2199 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...

5.7CVSS5.7AI score0.00565EPSS
Exploits0References12
OSV
OSV
added 2024/03/06 11:1 a.m.21 views

BIT-OPENLDAP-2020-36223

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service double free and out-of-bounds read...

7.5CVSS7.4AI score0.043EPSS
Exploits0References15
OSV
OSV
added 2024/03/06 10:59 a.m.28 views

BIT-OPENLDAP-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

9.8CVSS8.8AI score0.69899EPSS
Exploits1References5
OSV
OSV
added 2023/09/27 5:15 p.m.8 views

CLSA-2023-1695834945 openldap: Fix of 2 CVEs

CVE-2022-29155: fix a SQL injection vulnerability in the back-sql backend to slapd - CVE-2021-27212: fix denial of service daemon exit via a short timestamp if slapd is used...

9.8CVSS7.2AI score0.69899EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2023/05/07 12:0 a.m.14 views

EulerOS Virtualization 3.0.2.0 : openldap (EulerOS-SA-2023-1725)

According to the versions of the openldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend...

9.8CVSS8.2AI score0.69899EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/05/04 12:0 a.m.26 views

Amazon Linux AMI : openldap (ALAS-2023-1741)

The version of openldap installed on the remote host is prior to 2.4.40-16.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1741 advisory. An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and...

7.5CVSS6.7AI score0.84224EPSS
Exploits1References26
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.3 views

SUSE CVE-2006-4600

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List ACL privileges to modify arbitrary Distinguished Names DN...

2.3CVSS7AI score0.02658EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2007-6698

The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service crash via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability...

4CVSS6.8AI score0.02044EPSS
Exploits3References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.2 views

SUSE CVE-2008-0658

slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service daemon crash via a modrdn operation with a NOOP LDAPXNOOPERATION control, a related issue to CVE-2007-6698...

4CVSS6.7AI score0.03053EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.3 views

SUSE CVE-2011-1081

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service daemon crash via a relative Distinguished Name DN modification request aka MODRDN operation that contains an empty value for the OldDN field...

5CVSS6.5AI score0.13518EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.4 views

SUSE CVE-2011-4079

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service slapd crash via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry...

4CVSS6.5AI score0.03713EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.3 views

SUSE CVE-2012-1164

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service assertion failure and daemon exit via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned...

2.6CVSS6.8AI score0.03691EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.2 views

SUSE CVE-2014-8182

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses...

7.5CVSS6.9AI score0.03094EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.4 views

SUSE CVE-2015-6908

The bergetnext function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd...

5CVSS6.7AI score0.19984EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.4 views

SUSE CVE-2017-14159

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...

4.7CVSS9.1AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.6 views

SUSE CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd t...

7.5CVSS6.8AI score0.02451EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.2 views

SUSE CVE-2018-14638

A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in deletepasswdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service...

7.5CVSS6.7AI score0.0265EPSS
Exploits0References4
Rows per page
Query Builder