4 results (0.002 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. • http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html http://bugs.gentoo.org/show_bug.cgi?id=96767 http://bugzilla.padl.com/show_bug.cgi?id=210 http://bugzilla.padl.com/show_bug.cgi?id=211 http://secunia.com/advisories/17233 http://secunia.com/advisories/17845 http://secunia.com/advisories/21520 http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml http://www.openldap.org/its/inde • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code. • http://www.padl.com/Articles/PotentialBufferOverflowin.html https://access.redhat.com/security/cve/CVE-2002-0825 https://bugzilla.redhat.com/show_bug.cgi?id=1616816 •

CVSS: 7.5EPSS: 5%CPEs: 17EXPL: 0

Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages. Vulnerabilidad de cadena de formato en la función logging() en el módulo de autenticación de C-Note Squid LDAP 2.0.2 y anteriores permite que un atacante remoto provoque una denegación de servicio y, posiblemente, ejecute código arbitrario desencadenando mensajes de log. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html http://marc.info/?l=vuln-dev&m=102070267500932&w=2 http://online.securityfocus.com/archive/1/271173 http://www.iss.net/security_center/static/9019.php http://www.securityfocus.com/bid/4679 •

CVSS: 1.2EPSS: 0%CPEs: 3EXPL: 0

nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests. • http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3 http://www.redhat.com/support/errata/RHSA-2000-024.html http://www.securityfocus.com/bid/1863 https://exchange.xforce.ibmcloud.com/vulnerabilities/5449 •