Filtered by vendor Openldap
Subscribe
Search
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9713 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2016-12-22 | 4.0 MEDIUM | N/A |
| The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. | |||||
| CVE-2013-4449 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2016-12-08 | 4.3 MEDIUM | N/A |
| The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. | |||||
| CVE-2015-3276 | 2 Openldap, Redhat | 5 Openldap, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-10-15 | 5.0 MEDIUM | N/A |
| The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2006-6493 | 1 Openldap | 1 Openldap | 2011-03-08 | 5.1 MEDIUM | N/A |
| Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data. | |||||
| CVE-2007-5708 | 1 Openldap | 1 Openldap | 2011-03-07 | 7.1 HIGH | N/A |
| slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated. | |||||
| CVE-2004-1880 | 1 Openldap | 1 Openldap | 2008-09-10 | 5.0 MEDIUM | N/A |
| Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2002-1508 | 1 Openldap | 1 Openldap | 2008-09-10 | 1.2 LOW | N/A |
| slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. | |||||
| CVE-2002-1379 | 1 Openldap | 1 Openldap | 2008-09-10 | 7.5 HIGH | N/A |
| OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges. | |||||
| CVE-2000-0336 | 4 Mandrakesoft, Openldap, Redhat and 1 more | 4 Mandrake Linux, Openldap, Linux and 1 more | 2008-09-10 | 2.1 LOW | N/A |
| Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2005-4442 | 1 Openldap | 1 Openldap | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2000-0748 | 1 Openldap | 1 Openldap | 2008-09-05 | 4.6 MEDIUM | N/A |
| OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse. | |||||