
36 matches found

Tenable Nessus
added 2023/01/10 12:0 a.m. | 22 views

EulerOS Virtualization 2.9.0 : python-ldap (EulerOS-SA-2023-1230)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions,...

6.5 CVSS | 6.4 AI score | 0.01701 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2022/11/02 12:0 a.m. | 18 views

EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2022-2694)

According to the versions of the python-ldap package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regula...

6.5 CVSS | 6.4 AI score | 0.01701 EPSS
Exploits 0 | References 2

OSV
added 2022/07/30 11:4 a.m. | 4 views

OESA-2022-1792 python-ldap security update

python-ldap provides an object-oriented API for working with LDAP within Python programs. It allows access to LDAP directory servers by wrapping the OpenLDAP 2.x libraries, and contains modules for other LDAP-related tasks including processing LDIF, LDAPURLs, LDAPv3 schema, etc. Security Fixes:...

6.5 CVSS | 6.7 AI score | 0.01701 EPSS
Exploits 0 | References 2

Microsoft CVE
added 2022/06/29 7:0 a.m. | 7 views

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

...

6.5 CVSS | 6.5 AI score | 0.01701 EPSS
Exploits 0

NVD
added 2022/06/18 4:15 p.m. | 11 views

CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5 CVSS | 0.01701 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2022/06/18 4:15 p.m. | 6 views

CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5 CVSS | 6.6 AI score | 0.01701 EPSS
Exploits 0 | References 3

OSV
added 2022/06/18 4:15 p.m. | 24 views

CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5 CVSS | 6.1 AI score
Exploits 0 | References 2

OSV
added 2022/06/18 4:15 p.m. | 7 views

AZL-9960 CVE-2021-46823 affecting package python-ldap for versions less than 3.4.0-1

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5 CVSS | 6.7 AI score | 0.01701 EPSS
Exploits 0 | References 1

OSV
added 2022/06/18 4:15 p.m. | 3 views

DEBIAN-CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5 CVSS | 6.3 AI score | 0.01701 EPSS
Exploits 0 | References 1

Cvelist
added 2022/06/18 3:27 p.m. | 23 views

CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.3 AI score | 0.01701 EPSS
Exploits 0 | References 2

Debian CVE
added 2022/06/18 3:27 p.m. | 28 views

CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5 CVSS | 6.2 AI score | 0.01701 EPSS
Exploits 0

CNNVD
added 2022/06/18 12:0 a.m. | 4 views

python-ldap security vulnerability

python-ldap is an open source LDAP client API for Python. A security vulnerability exists in python-ldap versions prior to 3.4.0 that stems from a Regular Expression Denial of Service (ReDoS) flaw in the LDAP schema parser. An attacker could use this vulnerability to cause a denial of...

6.5 CVSS | 6.4 AI score | 0.01701 EPSS
Exploits 0 | References 7

OSV
added 2021/08/11 3:19 p.m. | 4 views

GHSA-435P-F82X-MXWM Command injection in Yamale

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

8.5 CVSS | 6.3 AI score | 0.0249 EPSS
Exploits 0 | References 5

Github Security Blog
added 2021/08/11 3:19 p.m. | 68 views

Command injection in Yamale

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

9.3 CVSS | 7.8 AI score | 0.0249 EPSS
Exploits 0 | References 5 | Affected Software 1

Prion
added 2021/08/09 9:15 p.m. | 32 views

Spoofing

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

9.3 CVSS | 7.8 AI score | 0.0249 EPSS
Exploits 0 | References 2 | Affected Software 1

PyPA
added 2021/08/09 9:15 p.m. | 7 views

PYSEC-2021-119

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

9.3 CVSS | 8 AI score | 0.0249 EPSS
Exploits 0 | References 3 | Affected Software 1