CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 0CVE-2007-6698 – openldap: slapd crash on NOOP control operation on entry in bdb storage
https://notcve.org/view.php?id=CVE-2007-6698
01 Feb 2008 — The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. El backend de BDB para slapd en OpenLDAP versiones anteriores a 2.3.36, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de una operación de modificación potencialmente con éxito con el control NOOP establecido... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 10%CPEs: 119EXPL: 0CVE-2007-5707 – openldap slapd DoS via objectClasses attribute
https://notcve.org/view.php?id=CVE-2007-5707
30 Oct 2007 — OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. OpenLDAP versiones anteriores a 2.3.39, permite a atacantes remotos causar una denegación de servicio (bloqueo de slapd) por medio de una petición LDAP con un atributo objectClasses malformado. NOTA: esto ha sido reportado como doble liberación, pero los reportes son incoherente... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 119EXPL: 0CVE-2007-5708
https://notcve.org/view.php?id=CVE-2007-5708
30 Oct 2007 — slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated. slapo-pcache (overlays/pcache.c) en slapd en OpenLDAP versiones anteriores a 2.3.39, cuando es ejecutado como un servidor de almacenamiento e... • http://secunia.com/advisories/27424 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 15%CPEs: 119EXPL: 3CVE-2006-6493 – OpenLDAP 2.4.3 - 'KBIND' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6493
13 Dec 2006 — Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data. Desbordamiento de búfer en la función krbv4_ldap_auth de servers/slapd/kerberos.c en OpenLDAP 2.4.3 y versiones anteriores, cuando el OpenLDAP es compilado con la opción kbind (Ker... • https://www.exploit-db.com/exploits/2933 •
CVSS: 7.5EPSS: 75%CPEs: 4EXPL: 5CVE-2006-5779
https://notcve.org/view.php?id=CVE-2006-5779
07 Nov 2006 — OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. Vulnerabilidad no especificada en el paquete openldap-2.2.29-1 de OpenLDAP en Fedora Core 4 (FC4), permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante cierta combinación de peticiones LDAP BIND que disparan un fallo de aserción. • http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 0CVE-2006-2754
https://notcve.org/view.php?id=CVE-2006-2754
01 Jun 2006 — Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. • http://secunia.com/advisories/20126 •
CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 0CVE-2005-4442
https://notcve.org/view.php?id=CVE-2005-4442
21 Dec 2005 — Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. • http://secunia.com/advisories/18040 •