Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openldap openldap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-6908
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and previous versions allows remote malicious users to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
Openldap Openldap
Apple Mac Os X
1 EDB exploit
NA
CVE-2009-3767
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle maliciou...
Openldap Openldap
Apple Mac Os X
Fedoraproject Fedora 11
7.5
CVSSv3
CVE-2020-36225
A flaw exists in OpenLDAP prior to 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Macos
7.5
CVSSv3
CVE-2020-36227
A flaw exists in OpenLDAP prior to 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Macos
7.5
CVSSv3
CVE-2020-36228
An integer underflow exists in OpenLDAP prior to 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Macos
7.5
CVSSv3
CVE-2017-17740
contrib/slapd-modules/nops/nops.c in OpenLDAP up to and including 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote malicious users to cause a denial of service (slapd crash) via ...
Openldap Openldap
Opensuse Leap 15.0
Opensuse Leap 15.1
Oracle Blockchain Platform
Mcafee Policy Auditor
7.5
CVSSv3
CVE-2006-5779
OpenLDAP prior to 2.3.29 allows remote malicious users to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
Openldap Openldap
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 5.10
Canonical Ubuntu Linux 6.06
NA
CVE-2015-1546
Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote malicious users to cause a denial of service (crash) via a crafted search query with a matched values control.
Openldap Openldap 2.4.40
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Apple Mac Os X 10.10.2
7.5
CVSSv3
CVE-2014-8182
An off-by-one error leading to a crash exists in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
Openldap Openldap 2.4
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.2
CVSSv3
CVE-2020-15719
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat E...
Openldap Openldap
Redhat Enterprise Linux 8.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Mcafee Policy Auditor
Oracle Blockchain Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »