OpenLDAP

All CVEs

62 total · sorted by risk
  • CVE-2006-4600 · Sep 7, 2006
    risk 0.00 · cvss · epss 0.03

    slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

  • CVE-2006-2754 · Jun 1, 2006
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.

  • CVE-2005-4442 · Dec 21, 2005
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

  • CVE-2004-1880 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2004-0823 · Sep 7, 2004
    risk 0.00 · cvss · epss 0.03

    OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers…

  • CVE-2003-1201 · Mar 20, 2003
    risk 0.00 · cvss · epss 0.03

    ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation…

  • CVE-2002-1508 · Feb 19, 2003
    risk 0.00 · cvss · epss 0.00

    slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.

  • CVE-2002-1379 · Jan 2, 2003
    risk 0.00 · cvss · epss 0.03

    OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.

  • CVE-2002-0045 · Jan 31, 2002
    risk 0.00 · cvss · epss 0.02

    slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.

  • CVE-2001-0977 · Jul 16, 2001
    risk 0.00 · cvss · epss 0.04

    slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

  • CVE-2000-0747 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.02

    The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.

  • CVE-2000-0748 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.00

    OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.

Page 2 of 2