SUSE SLES12 Security Update : openldap2 (SUSE-SU-2022:1685-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1685-1 advisory. - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd,...

Vulnerability fixed in OpenLDAP

A vulnerability has been fixed in OpenLDAP. The vulnerability allows a malicious person to perform an SQL injection. The is a vulnerability in the back-sql backend. This backend is no longer actively supported but is still available in OpenLDAP. The developers of OpenLDAP have released updates to...

DEBIAN-CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

AZL-9672 CVE-2022-29155 affecting package openldap for versions less than 2.4.57-7

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

ALPINE-CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

openSUSE Security Update : cyrus-imapd (openSUSE-2015-606)

This update provides version 2.4.18 of cyrus-imapd - Security fix: handle urlfetch range starting outside message range - A bunch of cleanups and fixes to compiling - A bunch of sieve cleanups - Enhanced SSL/TLS configuration options - Disable use of SSLv2/SSLv3 - Allow SQL backend for mboxlist a...

Web Application SQL Backend Identification

At least one web application hosted on the remote web server is built on a SQL backend that Nessus was able to identify by looking at error messages. Leaking this kind of information may help an attacker fine-tune attacks against the application and its backend. %NASLMINLEVEL 70300 C Tenable...

jabberd -- remote buffer overflow vulnerability

Caused by improper bounds-checking of username and password in the C2S module, it is possible for an attacker to cause a remote buffer overflow. The server directly handles the userinput with SQL backend functions - malicious input may lead to buffer overflow...