Vulnerabilities > Openldap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-15719 | Improper Certificate Validation vulnerability in multiple products libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. | 4.2 |
| 2019-07-26 | CVE-2019-13057 | An issue was discovered in the server in OpenLDAP before 2.4.48. | 4.9 |
| 2017-09-05 | CVE-2017-14159 | Improper Initialization vulnerability in multiple products slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | 4.7 |
| 2017-07-17 | CVE-2016-4984 | Race Condition vulnerability in Openldap Openldap-Servers /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. | 4.7 |
| 2017-05-29 | CVE-2017-9287 | Double Free vulnerability in multiple products servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. | 6.5 |