rpm package
suse/openldap2&distro=SUSE Linux Enterprise Module for Basesystem 15 SP1
pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8027 | — | < 2.4.46-9.37.1 | 2.4.46-9.37.1 | Feb 11, 2021 | A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This is | ||
| CVE-2020-25692 | — | < 2.4.46-9.40.1 | 2.4.46-9.40.1 | Dec 8, 2020 | A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. | ||
| CVE-2020-8023 | — | < 2.4.46-9.31.1 | 2.4.46-9.31.1 | Sep 1, 2020 | A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterpri | ||
| CVE-2020-15719 | — | < 2.4.46-9.34.1 | 2.4.46-9.34.1 | Jul 14, 2020 | libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat E | ||
| CVE-2020-12243 | — | < 2.4.46-9.28.2 | 2.4.46-9.28.2 | Apr 28, 2020 | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | ||
| CVE-2019-13565 | — | < 2.4.46-9.19.2 | 2.4.46-9.19.2 | Jul 26, 2019 | An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covere | ||
| CVE-2019-13057 | — | < 2.4.46-9.19.2 | 2.4.46-9.19.2 | Jul 26, 2019 | An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from reque | ||
| CVE-2017-17740 | Hig | 7.5 | < 2.4.46-9.19.2 | 2.4.46-9.19.2 | Dec 18, 2017 | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN ope |
- CVE-2020-8027Feb 11, 2021affected < 2.4.46-9.37.1fixed 2.4.46-9.37.1
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This is
- CVE-2020-25692Dec 8, 2020affected < 2.4.46-9.40.1fixed 2.4.46-9.40.1
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
- CVE-2020-8023Sep 1, 2020affected < 2.4.46-9.31.1fixed 2.4.46-9.31.1
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterpri
- CVE-2020-15719Jul 14, 2020affected < 2.4.46-9.34.1fixed 2.4.46-9.34.1
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat E
- CVE-2020-12243Apr 28, 2020affected < 2.4.46-9.28.2fixed 2.4.46-9.28.2
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
- CVE-2019-13565Jul 26, 2019affected < 2.4.46-9.19.2fixed 2.4.46-9.19.2
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covere
- CVE-2019-13057Jul 26, 2019affected < 2.4.46-9.19.2fixed 2.4.46-9.19.2
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from reque
- affected < 2.4.46-9.19.2fixed 2.4.46-9.19.2
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN ope