pkg:Debian/389-ds-base

所有已知漏洞

• CRITICAL9.8CVE-2017-7551389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different retu…
  from 0, < 1.3.6.7-1
• CRITICAL9.8CVE-2016-5405389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Lin…
  from 0, < 1.3.5.15-1
• HIGH8.1CVE-2017-15135It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly…
  from 0, < 1.3.7.9-1
• HIGH7.5CVE-2026-9064A flaw was found in 389-ds-base.
  from 0
• HIGH7.5CVE-2024-3657A flaw was found in 389-ds-base.
  from 0, < 1.4.4.11-2+deb11u1
• HIGH7.5CVE-2022-1949An access control bypass vulnerability found in 389-ds-base.
  from 0
• HIGH7.5CVE-2022-0918A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to…
  from 0, < 1.4.4.11-2+deb11u1
• HIGH7.5CVE-2021-4091A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches.
  from 0, < 1.4.4.11-2+deb11u1
• HIGH7.5CVE-2019-3883389-ds-base - security update
  from 0, < 1.4.1.5-1
• HIGH7.5CVE-2019-3883389-ds-base - security update
  from 0, < 1.3.3.5-4+deb8u6
• HIGH7.5CVE-2018-14648389-ds-base - security update
  from 0, < 1.3.3.5-4+deb8u4
• HIGH7.5CVE-2018-14648389-ds-base - security update
  from 0, < 1.4.0.18-1
• HIGH7.5CVE-2018-14638A flaw was found in 389-ds-base before version 1.3.8.4-13.
  from 0, < 1.4.0.18-1
• HIGH7.5CVE-2018-14624389-ds-base - security update
  from 0, < 1.4.0.18-1
• HIGH7.5CVE-2018-14624389-ds-base - security update
  from 0, < 1.3.3.5-4+deb8u3
• HIGH7.5CVE-2018-1089389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibl…
  from 0, < 1.3.8.2-1
• HIGH7.5CVE-2017-2591389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "…
  from 0, < 1.3.5.15-2
• HIGH7.5CVE-2018-1054An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.…
  from 0, < 1.3.7.10-1
• HIGH7.5CVE-2017-15134A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled…
  from 0, < 1.3.7.9-1
• HIGH7.5CVE-2015-1854389-ds-base - security update
  from 0, < 1.3.3.5-4+deb8u1
• HIGH7.5CVE-2015-1854389-ds-base - security update
  from 0, < 1.3.3.10-1
• HIGH7.5CVE-2016-5416389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Lin…
  from 0
• HIGH7.5CVE-2016-4992389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Lin…
  from 0, < 1.3.5.13-1
• HIGH7.5CVE-2016-0741slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a den…
  from 0, < 1.3.4.8-1
• HIGH7.2CVE-2025-14905A flaw was found in the 389-ds-base server.
  from 0
• HIGH7.2CVE-2018-10871389-ds-base - security update
  from 0, < 1.4.0.15-1
• HIGH7.2CVE-2018-10871389-ds-base - security update
  from 0, < 1.3.3.5-4+deb8u2
• MEDIUM6.5CVE-2024-6237A flaw was found in the 389 Directory Server.
  from 0
• MEDIUM6.5CVE-2022-2850A flaw was found In 389-ds-base.
  from 0, < 1.4.4.11-2+deb11u1
• MEDIUM6.5CVE-2021-3652389-ds-base - security update
  from 0, < 1.4.4.11-2+deb11u1
• MEDIUM6.5CVE-2021-3652389-ds-base - security update
  from 0, < 1.4.4.11-2+deb11u1
• MEDIUM6.5CVE-2022-0996A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
  from 0, < 1.4.4.11-2+deb11u1
• MEDIUM6.5CVE-2021-3514When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted quer…
  from 0, < 1.4.4.11-2
• MEDIUM6.5CVE-2019-14824389-ds-base - security update
  from 0, < 1.3.3.5-4+deb8u7
• MEDIUM6.5CVE-2019-14824389-ds-base - security update
  from 0, < 1.4.2.4-1
• MEDIUM6.5CVE-2018-10935A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
  from 0, < 1.4.0.15-1
• MEDIUM6.5CVE-2017-2668389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled.
  from 0, < 1.3.5.17-1
• MEDIUM5.9CVE-2018-10850389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting…
  from 0, < 1.4.0.15-1
• MEDIUM5.7CVE-2024-8445The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios.
  from 0, < 1.4.4.11-2+deb11u1
• MEDIUM5.7CVE-2024-5953A denial of service vulnerability was found in the 389-ds-base LDAP server.
  from 0, < 1.4.4.11-2+deb11u1
• MEDIUM5.7CVE-2024-2199A denial of service vulnerability was found in 389-ds-base ldap server.
  from 0, < 1.4.4.11-2+deb11u1
• MEDIUM5.5CVE-2024-1062A heap overflow flaw was found in 389-ds-base.
  from 0
• MEDIUM5.5CVE-2023-1055A flaw was found in RHDS 11 and RHDS 12.
  from 0
• MEDIUM5.3CVE-2020-35518When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not.
  from 0, < 1.4.4.10-1
• MEDIUM4.9CVE-2025-2487A flaw was found in the 389-ds-base LDAP Server.
  from 0
• MEDIUM4.6CVE-2019-10224389-ds-base - security update
  from 0, < 1.4.1.5-1
• MEDIUM4.6CVE-2019-10224389-ds-base - security update
  from 0, < 1.4.0.21-1+deb10u1
• —CVE-2015-3230389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslS…
  from 0, < 1.3.3.12-1
• —CVE-2014-8112389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashe…
  from 0, < 1.3.3.5-4
• —CVE-2014-8105389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, whic…
  from 0, < 1.3.3.5-4
• —CVE-2013-0336The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.…
  from 0, < 1.3.2.9-1
• —CVE-2014-3562Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated meta…
  from 0, < 1.3.2.21-1
• —CVE-2014-0132The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary…
  from 0, < 1.3.2.9-1.1
• —CVE-2013-4485389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of servi…
  from 0, < 1.3.2.9-1
• —CVE-2013-4283ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distingui…
  from 0, < 1.3.2.9-1
• —CVE-2013-2219The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows r…
  from 0, < 1.3.2.9-1
• —CVE-2013-1897The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not prop…
  from 0, < 1.3.2.9-1
• —CVE-2013-0312389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
  from 0, < 1.3.0.3-1
• —CVE-2012-4450389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authentica…
  from 0, < 1.2.11.15-1