CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

EUVD-2026-33569

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

CVE-2026-35563 Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

CVE-2019-2844

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: LDAP Client Tools. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to...

CVE-2025-61912 python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...

EUVD-2019-12483

Malware in sbrugna...

EUVD-2019-9034

Malware in sbrugna...

EUVD-2023-29450

Malicious code in bioql PyPI...

CVE-2019-19413

There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash...

CVE-2002-2328

Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service hang via an LDAP client that sets the page length to zero during a large request...

CVE-2005-3170

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer LDAPS even when the Certificate Authority CA is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site...

Do Not Install the LDAP Client

Lightweight Directory Access Protocol LDAP is a protocol that provides access control and is used to maintain distributed directory information. Running the LDAP service requires additional system resources and expands the attack surface. Therefore, do not install the LDAP client in the service...

CVE-2025-26670 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

...

CVE-2025-26670 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

...

Linux Distros Unpatched Vulnerability : CVE-2016-2112

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the client ldap sasl wrapping...

CVE-2024-49124

According to the connected NCSC advisory, CVE-2024-49124 is an LDAP-related vulnerability in Windows LDAP with an impact described as Execution of random code (CVSS 8.1/8.10 range in the table). The advisory notes that Microsoft has fixed vulnerabilities and recommends applying the security updat...

CVE-2024-49124 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

...

Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

...

CVE-2023-25495

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured...

CVE-2023-25495

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured...