Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openldap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents ...
Miniorange Ldap Integration With Active Directory And Openldap 5.0.2
5
CVSSv2
CVE-2020-25709
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Macos
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Mac Os X 10.15.7
Redhat Jboss Core Services -
NA
CVE-2023-2953
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
Openldap Openldap 2.4
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Apple Macos
Netapp Clustered Data Ontap -
Netapp Active Iq Unified Manager -
Netapp Ontap Tools -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
5
CVSSv2
CVE-2020-25710
A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Openldap Openldap
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Core Services -
Debian Debian Linux 9.0
Fedoraproject Fedora 33
3.5
CVSSv2
CVE-2019-13057
An issue exists in the server in OpenLDAP prior to 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting ...
Openldap Openldap
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Mac Os X 10.13.6
Mcafee Policy Auditor
Mcafee Policy Auditor 6.5.1
Oracle Solaris 11
Oracle Zfs Storage Appliance Kit 8.8
Oracle Blockchain Platform
5
CVSSv2
CVE-2019-13565
An issue exists in OpenLDAP 2.x prior to 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in t...
Openldap Openldap
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Opensuse Leap 15.0
Opensuse Leap 15.1
F5 Traffix Signaling Delivery Controller 5.1.0
F5 Traffix Signaling Delivery Controller 5.0.0
Apple Mac Os X 10.13.6
Apple Mac Os X
Apple Mac Os X 10.14.6
Oracle Solaris 11
Oracle Zfs Storage Appliance Kit 8.8
Oracle Blockchain Platform
5
CVSSv2
CVE-2020-12243
In filter.c in slapd in OpenLDAP prior to 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
Openldap Openldap
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Netapp H410c Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Broadcom Brocade Fabric Operating System -
5
CVSSv2
CVE-2005-2069
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote malicious users to sniff the password.
Padl Nss Ldap -
Padl Pam Ldap -
7.5
CVSSv2
CVE-2005-2641
Unknown vulnerability in pam_ldap prior to 180 does not properly handle a new password policy control, which could allow malicious users to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.
Padl Software Pam Ldap
5
CVSSv2
CVE-2006-1470
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote malicious users to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
Apple Mac Os X 10.4.3
Apple Mac Os X 10.4.4
Apple Mac Os X Server 10.4.4
Apple Mac Os X Server 10.4.5
Apple Mac Os X 10.4.1
Apple Mac Os X 10.4.2
Apple Mac Os X Server 10.4.2
Apple Mac Os X Server 10.4.3
Apple Mac Os X 10.4.5
Apple Mac Os X 10.4.6
Apple Mac Os X Server 10.4.6
Apple Mac Os X 10.4
Apple Mac Os X Server 10.4
Apple Mac Os X Server 10.4.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »