10 matches found
CVE-2025-20370 Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication` could send multiple LDAP bind requests to a specific...
PT-2025-40273
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.0.1; Splunk Enterprise versions 9.2.8 through 9.4.4; Splunk Cloud Platform versions prior to 9.3.2411.108; Splunk Cloud Platform versions 9.2.2406.123 through 9.3.2408.118. Description: A user with the change...
CVE-2020-26214
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for...
CVE-2020-26214 LDAP authentication bypass in Alerta
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for...
UBUNTU-CVE-2017-2668
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...
Microsoft Windows: Network security: LDAP client signing requirements
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnsecldapclientsigning.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Network security: LDAP client signing requirements Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
EulerOS 2.0 SP2 : 389-ds-base (EulerOS-SA-2017-1087)
According to the version of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use...
389-ds-base: Remote crash via crafted LDAP messages
An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...
389-ds-base: Remote crash via crafted LDAP messages
An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...
SUSE-SA:2006:072: openldap2-client
The remote host is missing the patch for the advisory SUSE-SA:2006:072 openldap2-client. OpenLDAP libldap's strval2strlen function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application especially the OpenLDAP Serv...