Skip to main content

Openldap

19 CVEs product

Monthly

CVE-2023-2953 HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap Enterprise Linux macOS +8
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-29155 CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux H300s Firmware H500s Firmware +4
NVD
CVSS 3.1
9.8
EPSS
69.9%
CVE-2021-27212 HIGH POC PATCH THREAT This Week

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Openldap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
64.1%
CVE-2020-25692 HIGH PATCH This Week

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Openldap Enterprise Linux Cloud Backup +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-15719 MEDIUM PATCH This Month

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Openldap Enterprise Linux Leap +2
NVD
CVSS 3.1
4.2
EPSS
2.4%
CVE-2020-12243 HIGH POC PATCH This Week

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Openldap Debian Linux Leap Ubuntu Linux +14
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-13565 HIGH PATCH This Week

An issue was discovered in OpenLDAP 2.x before 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
7.5
EPSS
5.0%
CVE-2019-13057 MEDIUM PATCH This Month

An issue was discovered in the server in OpenLDAP before 2.4.48. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
4.9
EPSS
3.2%
CVE-2017-17740 HIGH PATCH This Week

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Openldap Leap Blockchain Platform +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2017-14159 MEDIUM PATCH This Month

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this. Rated medium severity (CVSS 4.7).

Information Disclosure Openldap Blockchain Platform
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2017-9287 MEDIUM POC PATCH THREAT This Month

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Denial Of Service Openldap Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +6
NVD
CVSS 3.1
6.5
EPSS
26.5%
CVE-2015-3276 HIGH PATCH This Week

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Openldap Linux Enterprise Linux Desktop +6
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2015-6908 MEDIUM POC THREAT This Month

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

Denial Of Service Openldap Mac Os X
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
70.5%
Threat
4.6
CVE-2014-9713 MEDIUM This Month

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Debian Privilege Escalation Openldap Debian Linux
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-1546 MEDIUM This Month

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.4% and no vendor patch available.

Denial Of Service Openldap Opensuse Mac Os X
NVD
CVSS 2.0
5.0
EPSS
10.4%
CVE-2015-1545 MEDIUM POC THREAT This Month

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.8%.

Denial Of Service Openldap
NVD
CVSS 2.0
5.0
EPSS
64.8%
Threat
4.4
CVE-2013-4449 MEDIUM This Month

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 68.7% and no vendor patch available.

Denial Of Service Debian Linux Openldap
NVD
CVSS 2.0
4.3
EPSS
68.7%
CVE-2012-1164 LOW Monitor

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Epss exploitation probability 12.7% and no vendor patch available.

Buffer Overflow Denial Of Service Openldap
NVD
CVSS 2.0
2.6
EPSS
12.7%
CVE-2012-2668 MEDIUM This Month

libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Openldap
NVD
CVSS 2.0
4.3
EPSS
0.6%
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap +10
NVD
EPSS 70% CVSS 9.8
CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux +6
NVD
EPSS 64% CVSS 7.5
HIGH POC PATCH THREAT This Week

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Openldap Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Openldap +3
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Openldap +4
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Openldap Debian Linux +16
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in OpenLDAP 2.x before 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openldap Ubuntu Linux +7
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

An issue was discovered in the server in OpenLDAP before 2.4.48. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openldap Ubuntu Linux +7
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Openldap +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this. Rated medium severity (CVSS 4.7).

Information Disclosure Openldap Blockchain Platform
NVD
EPSS 27% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Denial Of Service Openldap Debian Linux +8
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Openldap +8
NVD
EPSS 71% 4.6 CVSS 5.0
MEDIUM POC THREAT This Month

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

Denial Of Service Openldap Mac Os X
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM This Month

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Debian Privilege Escalation Openldap +1
NVD
EPSS 10% CVSS 5.0
MEDIUM This Month

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.4% and no vendor patch available.

Denial Of Service Openldap Opensuse +1
NVD
EPSS 65% 4.4 CVSS 5.0
MEDIUM POC THREAT This Month

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.8%.

Denial Of Service Openldap
NVD
EPSS 69% CVSS 4.3
MEDIUM This Month

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 68.7% and no vendor patch available.

Denial Of Service Debian Linux Openldap
NVD
EPSS 13% CVSS 2.6
LOW Monitor

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Epss exploitation probability 12.7% and no vendor patch available.

Buffer Overflow Denial Of Service Openldap
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Openldap
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy