Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openldap openldap 2.0.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-25710
A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Openldap Openldap
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Core Services -
Debian Debian Linux 9.0
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Cyrusimap Cyrus-sasl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 8.0
Apple Mac Os X 10.14.6
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
NA
CVE-2011-4079
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and previous versions allows remote malicious users to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddress...
Openldap Openldap 2.0.2
Openldap Openldap 2.0.11 11
Openldap Openldap 2.1.15
Openldap Openldap 2.1.10
Openldap Openldap 2.3.5
Openldap Openldap 2.2.4
Openldap Openldap 2.2.22
Openldap Openldap 2.3.31
Openldap Openldap 2.3.42
Openldap Openldap 2.1.29
Openldap Openldap 2.2.18
Openldap Openldap 2.1.9
Openldap Openldap 1.2.6
Openldap Openldap 1.1.2
Openldap Openldap 2.0.22
Openldap Openldap 2.4.17
Openldap Openldap 2.4.6
Openldap Openldap 2.0.9
Openldap Openldap 2.2.0
Openldap Openldap 2.3.32
Openldap Openldap 2.1.19
Openldap Openldap 1.0
NA
CVE-2009-1417
gnutls-cli in GnuTLS prior to 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote malicious users to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 2.6.1
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.0.17
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
NA
CVE-2007-5707
OpenLDAP prior to 2.3.39 allows remote malicious users to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
Openldap Openldap 2.0.2
Openldap Openldap 2.0.11 11
Openldap Openldap 2.1.15
Openldap Openldap 2.1.10
Openldap Openldap 2.3.28 2.20061022
Openldap Openldap 2.2.4
Openldap Openldap 2.2.22
Openldap Openldap 2.1.29
Openldap Openldap 2.2.18
Openldap Openldap 2.1.9
Openldap Openldap 1.2.6
Openldap Openldap 1.1.2
Openldap Openldap 2.0.22
Openldap Openldap 2.0.9
Openldap Openldap 2.2.0
Openldap Openldap 2.1.19
Openldap Openldap 1.0
Openldap Openldap 2.2.29 Rev 1.134
Openldap Openldap 1.2.7
Openldap Openldap 2.2.12
Openldap Openldap 2.2.20
Openldap Openldap 2.0.15
NA
CVE-2007-5708
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP prior to 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow malicious users to cause a denial of s...
Openldap Openldap 2.0.2
Openldap Openldap 2.0.11 11
Openldap Openldap 2.1.15
Openldap Openldap 2.1.10
Openldap Openldap 2.3.28 2.20061022
Openldap Openldap 2.2.4
Openldap Openldap 2.2.22
Openldap Openldap 2.1.29
Openldap Openldap 2.2.18
Openldap Openldap 2.1.9
Openldap Openldap 1.2.6
Openldap Openldap 1.1.2
Openldap Openldap 2.0.22
Openldap Openldap 2.0.9
Openldap Openldap 2.2.0
Openldap Openldap 2.1.19
Openldap Openldap 1.0
Openldap Openldap 2.2.29 Rev 1.134
Openldap Openldap 1.2.7
Openldap Openldap 2.2.12
Openldap Openldap 2.2.20
Openldap Openldap 2.0.15
NA
CVE-2006-6493
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and previous versions, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote malicious users to execute arbitrary code via an LDAP bind request using t...
Openldap Openldap 2.0.2
Openldap Openldap 2.0.11 11
Openldap Openldap 2.1.15
Openldap Openldap 2.1.10
Openldap Openldap 2.2.4
Openldap Openldap 2.2.22
Openldap Openldap 2.1.29
Openldap Openldap 2.2.18
Openldap Openldap 2.1.9
Openldap Openldap 1.2.6
Openldap Openldap 1.1.2
Openldap Openldap 2.0.22
Openldap Openldap 2.0.9
Openldap Openldap 2.2.0
Openldap Openldap 2.1.19
Openldap Openldap 1.0
Openldap Openldap 1.2.7
Openldap Openldap 2.2.12
Openldap Openldap 2.2.20
Openldap Openldap 2.0.15
Openldap Openldap 2.2.13
Openldap Openldap 2.1.30
1 EDB exploit
NA
CVE-2005-4442
Untrusted search path vulnerability in OpenLDAP prior to 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
Openldap Openldap 2.0.2
Openldap Openldap 2.1.15
Openldap Openldap 2.1.10
Openldap Openldap 2.2.4
Openldap Openldap 2.2.22
Openldap Openldap 2.1.29
Openldap Openldap 2.2.18
Openldap Openldap 2.1.9
Openldap Openldap 2.0.22
Openldap Openldap 2.0.9
Openldap Openldap 2.1.19
Openldap Openldap 2.2.12
Openldap Openldap 2.2.20
Openldap Openldap 2.0.15
Openldap Openldap 2.2.13
Openldap Openldap 2.1.30
Openldap Openldap 2.0.26
Openldap Openldap 2.1.5
Openldap Openldap 2.1.14
Openldap Openldap 2.1.21
Openldap Openldap 2.1.24
Openldap Openldap 2.1.20
NA
CVE-2004-1880
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and previous versions allows remote malicious users to cause a denial of service (memory consumption).
Openldap Openldap 2.0.2
Openldap Openldap 2.1.10
Openldap Openldap 2.1.9
Openldap Openldap 1.2.6
Openldap Openldap 1.1.2
Openldap Openldap 2.0.22
Openldap Openldap 2.0.9
Openldap Openldap 1.0
Openldap Openldap 1.2.7
Openldap Openldap 2.0.15
Openldap Openldap 2.0.26
Openldap Openldap 2.1.5
Openldap Openldap 1.0.2
Openldap Openldap 2.0.14
Openldap Openldap 2.0.7
Openldap Openldap 1.2.11
Openldap Openldap 1.1.0
Openldap Openldap 2.0.13
Openldap Openldap 2.0.27
Openldap Openldap 2.1.2
Openldap Openldap 2.1.6
Openldap Openldap 2.0.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started