Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openldap openldap 2.4 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-36229
A flaw exists in ldap_X509dn2bv in OpenLDAP prior to 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Macos
7.5
CVSSv3
CVE-2020-36230
A flaw exists in OpenLDAP prior to 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Macos
Apache Bookkeeper 4.12.1
7.5
CVSSv3
CVE-2014-8182
An off-by-one error leading to a crash exists in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
Openldap Openldap 2.4
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2019-13565
An issue exists in OpenLDAP 2.x prior to 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in t...
Openldap Openldap
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Opensuse Leap 15.0
Opensuse Leap 15.1
F5 Traffix Signaling Delivery Controller 5.1.0
F5 Traffix Signaling Delivery Controller 5.0.0
Apple Mac Os X 10.13.6
Apple Mac Os X
Apple Mac Os X 10.14.6
Oracle Solaris 11
Oracle Zfs Storage Appliance Kit 8.8
Oracle Blockchain Platform
NA
CVE-2011-1024
chain.c in back-ldap in OpenLDAP 2.4.x prior to 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an in...
Openldap Openldap 2.4.10
Openldap Openldap 2.4.6
Openldap Openldap 2.4.14
Openldap Openldap 2.4.15
Openldap Openldap 2.4.16
Openldap Openldap 2.4.22
Openldap Openldap 2.4.12
Openldap Openldap 2.4.13
Openldap Openldap 2.4.21
Openldap Openldap 2.4.23
Openldap Openldap 2.4.7
Openldap Openldap 2.4.8
Openldap Openldap 2.4.17
Openldap Openldap 2.4.18
Openldap Openldap 2.4.9
Openldap Openldap 2.4.11
Openldap Openldap 2.4.19
Openldap Openldap 2.4.20
NA
CVE-2011-1025
bind.cpp in back-ndb in OpenLDAP 2.4.x prior to 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote malicious users to bypass intended access restrictions via an arbitrary password.
Openldap Openldap 2.4.7
Openldap Openldap 2.4.6
Openldap Openldap 2.4.15
Openldap Openldap 2.4.20
Openldap Openldap 2.4.22
Openldap Openldap 2.4.8
Openldap Openldap 2.4.17
Openldap Openldap 2.4.14
Openldap Openldap 2.4.13
Openldap Openldap 2.4.12
Openldap Openldap 2.4.11
Openldap Openldap 2.4.21
Openldap Openldap 2.4.18
Openldap Openldap 2.4.10
Openldap Openldap 2.4.9
Openldap Openldap 2.4.16
Openldap Openldap 2.4.19
Openldap Openldap 2.4.23
NA
CVE-2011-1081
modrdn.c in slapd in OpenLDAP 2.4.x prior to 2.4.24 allows remote malicious users to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
Openldap Openldap 2.4.7
Openldap Openldap 2.4.6
Openldap Openldap 2.4.14
Openldap Openldap 2.4.15
Openldap Openldap 2.4.10
Openldap Openldap 2.4.22
Openldap Openldap 2.4.8
Openldap Openldap 2.4.16
Openldap Openldap 2.4.17
Openldap Openldap 2.4.23
Openldap Openldap 2.4.13
Openldap Openldap 2.4.12
Openldap Openldap 2.4.20
Openldap Openldap 2.4.21
Openldap Openldap 2.4.11
Openldap Openldap 2.4.9
Openldap Openldap 2.4.18
Openldap Openldap 2.4.19
1 EDB exploit
NA
CVE-2009-3767
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle maliciou...
Openldap Openldap
Apple Mac Os X
Fedoraproject Fedora 11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2