Vulnerabilities > Openldap > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-26 | CVE-2019-13057 | An issue was discovered in the server in OpenLDAP before 2.4.48. | 3.5 |
| 2017-09-05 | CVE-2017-14159 | Improper Initialization vulnerability in multiple products slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | 1.9 |
| 2017-07-17 | CVE-2016-4984 | Race Condition vulnerability in Openldap Openldap-Servers /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. | 1.9 |
| 2012-06-29 | CVE-2012-1164 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openldap slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. | 2.6 |
| 2006-09-07 | CVE-2006-4600 | Unspecified vulnerability in Openldap slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). | 2.3 |
| 2003-02-19 | CVE-2002-1508 | Local Security vulnerability in Openldap 2.0 slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. | 1.2 |
| 2000-04-21 | CVE-2000-0336 | Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. | 2.1 |