Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/87668?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "389-ds-base", "version": "3.1.2+dfsg1-1+deb13u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.1.2+vendor1-2", "latest_non_vulnerable_version": "3.1.2+vendor1-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58386?format=api", "vulnerability_id": "VCID-1ncv-1mvn-3ua2", "summary": "389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1089.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1089.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1089", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14569", "scoring_system": "epss", "scoring_elements": "0.9459", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14569", "scoring_system": "epss", "scoring_elements": "0.94599", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.14569", "scoring_system": "epss", "scoring_elements": "0.946", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.14569", "scoring_system": "epss", "scoring_elements": "0.94602", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1089" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1089" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559802", "reference_id": "1559802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559802" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898138", "reference_id": "898138", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1364", "reference_id": "RHSA-2018:1364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1364" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1380", "reference_id": "RHSA-2018:1380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1380" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87686?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.8.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.8.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1089" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ncv-1mvn-3ua2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58383?format=api", "vulnerability_id": "VCID-3182-86wa-ffgn", "summary": "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1054.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14722", "scoring_system": "epss", "scoring_elements": "0.94616", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14722", "scoring_system": "epss", "scoring_elements": "0.94624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.14722", "scoring_system": "epss", "scoring_elements": "0.94625", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.14722", "scoring_system": "epss", "scoring_elements": "0.94626", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1054" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314", "reference_id": "1537314", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892124", "reference_id": "892124", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0414", "reference_id": "RHSA-2018:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0515", "reference_id": "RHSA-2018:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87684?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.7.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.7.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1054" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3182-86wa-ffgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58365?format=api", "vulnerability_id": "VCID-3r2y-hb9m-r7bn", "summary": "The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2219.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51454", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51515", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51521", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51499", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51466", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2219" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718325", "reference_id": "718325", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718325" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=979508", "reference_id": "979508", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1116", "reference_id": "RHSA-2013:1116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1119", "reference_id": "RHSA-2013:1119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1119" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87671?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2219" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3r2y-hb9m-r7bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58404?format=api", "vulnerability_id": "VCID-4gwa-5ha9-2yep", "summary": "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3657.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68338", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68315", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.6833", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3657" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401", "reference_id": "2274401", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.7::el8", "reference_id": "cpe:/a:redhat:directory_server:11.7::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.7::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.8::el8", "reference_id": "cpe:/a:redhat:directory_server:11.8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.9::el8", "reference_id": "cpe:/a:redhat:directory_server:11.9::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.9::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12.4::el9", "reference_id": "cpe:/a:redhat:directory_server:12.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_id": "cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.2::el9", "reference_id": "cpe:/a:redhat:directory_server_eus:12.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::client", "reference_id": "cpe:/o:redhat:enterprise_linux:7::client", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::client" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::computenode", "reference_id": "cpe:/o:redhat:enterprise_linux:7::computenode", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::computenode" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::server", "reference_id": "cpe:/o:redhat:enterprise_linux:7::server", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::server" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::workstation", "reference_id": "cpe:/o:redhat:enterprise_linux:7::workstation", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::workstation" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-3657", "reference_id": "CVE-2024-3657", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-3657" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3591", "reference_id": "RHSA-2024:3591", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3837", "reference_id": "RHSA-2024:3837", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4092", "reference_id": "RHSA-2024:4092", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4209", "reference_id": "RHSA-2024:4209", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4210", "reference_id": "RHSA-2024:4210", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4235", "reference_id": "RHSA-2024:4235", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4633", "reference_id": "RHSA-2024:4633", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5690", "reference_id": "RHSA-2024:5690", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:5690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6576", "reference_id": "RHSA-2024:6576", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7458", "reference_id": "RHSA-2024:7458", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1632", "reference_id": "RHSA-2025:1632", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:48:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1632" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87697?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-3657" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gwa-5ha9-2yep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58358?format=api", "vulnerability_id": "VCID-4v7k-pbgh-r7e8", "summary": "The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43344", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43417", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43427", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43403", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43369", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=787014", "reference_id": "787014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0813", "reference_id": "RHSA-2012:0813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0549", "reference_id": "RHSA-2013:0549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0549" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87665?format=api", "purl": "pkg:deb/debian/389-ds-base@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-0833" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4v7k-pbgh-r7e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58402?format=api", "vulnerability_id": "VCID-5mdk-bqm7-mkeu", "summary": "A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1062.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0826", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08239", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08247", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08187", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1062" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066120", "reference_id": "1066120", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066120" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261879", "reference_id": "2261879", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261879" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.7::el8", "reference_id": "cpe:/a:redhat:directory_server:11.7::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.7::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.8::el8", "reference_id": "cpe:/a:redhat:directory_server:11.8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12", "reference_id": "cpe:/a:redhat:directory_server:12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_id": "cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.2::el9", "reference_id": "cpe:/a:redhat:directory_server_eus:12.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1062", "reference_id": "CVE-2024-1062", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1074", "reference_id": "RHSA-2024:1074", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1372", "reference_id": "RHSA-2024:1372", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3047", "reference_id": "RHSA-2024:3047", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4209", "reference_id": "RHSA-2024:4209", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4633", "reference_id": "RHSA-2024:4633", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5690", "reference_id": "RHSA-2024:5690", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:5690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7458", "reference_id": "RHSA-2024:7458", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1632", "reference_id": "RHSA-2025:1632", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256711", "reference_id": "show_bug.cgi?id=2256711", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:45Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256711" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87696?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.4%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.4%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-1062" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mdk-bqm7-mkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58405?format=api", "vulnerability_id": "VCID-6668-ae1t-43bn", "summary": "A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5953.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30316", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3041", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30375", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30347", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5953" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104", "reference_id": "2292104", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.7::el8", "reference_id": "cpe:/a:redhat:directory_server:11.7::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.7::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.9::el8", "reference_id": "cpe:/a:redhat:directory_server:11.9::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.9::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12.4::el9", "reference_id": "cpe:/a:redhat:directory_server:12.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_id": "cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.2::el9", "reference_id": "cpe:/a:redhat:directory_server_eus:12.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-5953", "reference_id": "CVE-2024-5953", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-5953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4633", "reference_id": "RHSA-2024:4633", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4997", "reference_id": "RHSA-2024:4997", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5192", "reference_id": "RHSA-2024:5192", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:5192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5690", "reference_id": "RHSA-2024:5690", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:5690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6153", "reference_id": "RHSA-2024:6153", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6568", "reference_id": "RHSA-2024:6568", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6569", "reference_id": "RHSA-2024:6569", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6576", "reference_id": "RHSA-2024:6576", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7458", "reference_id": "RHSA-2024:7458", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1632", "reference_id": "RHSA-2025:1632", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:32:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1632" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87697?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-5953" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6668-ae1t-43bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58370?format=api", "vulnerability_id": "VCID-6c9y-7uaz-tqau", "summary": "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8105.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8105.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64591", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64632", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64641", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.6463", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.6462", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8105" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167858", "reference_id": "1167858", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167858" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909", "reference_id": "779909", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0416", "reference_id": "RHSA-2015:0416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0628", "reference_id": "RHSA-2015:0628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87674?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.3.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8105" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6c9y-7uaz-tqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58408?format=api", "vulnerability_id": "VCID-7dna-4mcn-jqd5", "summary": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14905.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54924", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54943", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54952", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130910", "reference_id": "1130910", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130910" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624", "reference_id": "2423624", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.9::el8", "reference_id": "cpe:/a:redhat:directory_server:11.9::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.9::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12", "reference_id": "cpe:/a:redhat:directory_server:12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:13", "reference_id": "cpe:/a:redhat:directory_server:13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:13.1::el10", "reference_id": "cpe:/a:redhat:directory_server:13.1::el10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:13.1::el10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_id": "cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.7::el8", "reference_id": "cpe:/a:redhat:directory_server_e4s:11.7::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.7::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:12.2::el9", "reference_id": "cpe:/a:redhat:directory_server_e4s:12.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:12.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.4::el9", "reference_id": "cpe:/a:redhat:directory_server_eus:12.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.6::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14905", "reference_id": "CVE-2025-14905", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3189", "reference_id": "RHSA-2026:3189", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3208", "reference_id": "RHSA-2026:3208", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3379", "reference_id": "RHSA-2026:3379", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3504", "reference_id": "RHSA-2026:3504", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4207", "reference_id": "RHSA-2026:4207", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4661", "reference_id": "RHSA-2026:4661", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4720", "reference_id": "RHSA-2026:4720", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5196", "reference_id": "RHSA-2026:5196", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5511", "reference_id": "RHSA-2026:5511", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5512", "reference_id": "RHSA-2026:5512", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5513", "reference_id": "RHSA-2026:5513", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5514", "reference_id": "RHSA-2026:5514", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5568", "reference_id": "RHSA-2026:5568", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5569", "reference_id": "RHSA-2026:5569", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5576", "reference_id": "RHSA-2026:5576", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5597", "reference_id": "RHSA-2026:5597", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5597" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5598", "reference_id": "RHSA-2026:5598", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6220", "reference_id": "RHSA-2026:6220", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6268", "reference_id": "RHSA-2026:6268", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-23T18:49:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6268" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-14905" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7dna-4mcn-jqd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58407?format=api", "vulnerability_id": "VCID-7k3x-hspm-2bh1", "summary": "The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8445.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8445.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8445", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22921", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23034", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2302", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8445" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082852", "reference_id": "1082852", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082852" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310110", "reference_id": "2310110", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:58:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310110" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11", "reference_id": "cpe:/a:redhat:directory_server:11", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12", "reference_id": "cpe:/a:redhat:directory_server:12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8445", "reference_id": "CVE-2024-8445", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:58:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7434", "reference_id": "RHSA-2024:7434", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:58:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7434" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87699?format=api", "purl": "pkg:deb/debian/389-ds-base@2.0.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-8445" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7k3x-hspm-2bh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58360?format=api", "vulnerability_id": "VCID-7vgg-99uc-vycr", "summary": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2746.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66689", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66729", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66737", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66723", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66707", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2746" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482", "reference_id": "833482", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0997", "reference_id": "RHSA-2012:0997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1041", "reference_id": "RHSA-2012:1041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1041" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87665?format=api", "purl": "pkg:deb/debian/389-ds-base@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2746" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vgg-99uc-vycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58393?format=api", "vulnerability_id": "VCID-8d2y-q7qm-ukba", "summary": "A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.61101", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.61149", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.61157", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.61144", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.61126", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14824" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448", "reference_id": "1747448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944150", "reference_id": "944150", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3401", "reference_id": "RHSA-2019:3401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3981", "reference_id": "RHSA-2019:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0464", "reference_id": "RHSA-2020:0464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0464" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87689?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.2.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.2.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14824" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8d2y-q7qm-ukba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58376?format=api", "vulnerability_id": "VCID-92hm-bx5r-2kb5", "summary": "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5405.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5405.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69633", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69673", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69659", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6968", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6967", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5405" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358865", "reference_id": "1358865", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358865" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842121", "reference_id": "842121", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2594", "reference_id": "RHSA-2016:2594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2765", "reference_id": "RHSA-2016:2765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2765" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87679?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.5.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-5405" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92hm-bx5r-2kb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58368?format=api", "vulnerability_id": "VCID-9epx-69zs-zyat", "summary": "The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0132.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63978", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.6402", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64028", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64018", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64006", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0132" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0132", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0132" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074845", "reference_id": "1074845", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074845" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741600", "reference_id": "741600", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741600" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0292", "reference_id": "RHSA-2014:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0292" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87672?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.2.9-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0132" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9epx-69zs-zyat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58359?format=api", "vulnerability_id": "VCID-9u6q-envm-dyej", "summary": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2678.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2678.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47012", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47077", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4708", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47062", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47033", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2678" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=829933", "reference_id": "829933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0997", "reference_id": "RHSA-2012:0997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1041", "reference_id": "RHSA-2012:1041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1041" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87665?format=api", "purl": "pkg:deb/debian/389-ds-base@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2678" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9u6q-envm-dyej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58367?format=api", "vulnerability_id": "VCID-aacx-55q8-b7e2", "summary": "389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4485.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4485.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4485", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5863", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58677", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58684", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58676", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58661", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4485" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4485" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1024552", "reference_id": "1024552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1024552" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730115", "reference_id": "730115", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730115" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1752", "reference_id": "RHSA-2013:1752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1753", "reference_id": "RHSA-2013:1753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1753" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87671?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4485" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aacx-55q8-b7e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58381?format=api", "vulnerability_id": "VCID-cuaw-efm3-5kb6", "summary": "389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2668.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2668.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03115", "scoring_system": "epss", "scoring_elements": "0.87073", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03115", "scoring_system": "epss", "scoring_elements": "0.87096", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03115", "scoring_system": "epss", "scoring_elements": "0.87093", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03115", "scoring_system": "epss", "scoring_elements": "0.87088", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03115", "scoring_system": "epss", "scoring_elements": "0.87084", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2668" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436575", "reference_id": "1436575", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436575" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860125", "reference_id": "860125", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0893", "reference_id": "RHSA-2017:0893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0920", "reference_id": "RHSA-2017:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0920" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87682?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.5.17-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.17-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-2668" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cuaw-efm3-5kb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58363?format=api", "vulnerability_id": "VCID-dvvv-bd2b-s7b7", "summary": "The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0336.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0336.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.784", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78428", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78436", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78426", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78414", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0336" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0336", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0336" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704077", "reference_id": "704077", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751", "reference_id": "913751", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87671?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0336" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvvv-bd2b-s7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58394?format=api", "vulnerability_id": "VCID-f4xw-eaee-tbaf", "summary": "In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75615", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75643", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75622", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75646", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75635", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3883" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693612", "reference_id": "1693612", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693612" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927939", "reference_id": "927939", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1896", "reference_id": "RHSA-2019:1896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3401", "reference_id": "RHSA-2019:3401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3401" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87688?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.1.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.1.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-3883" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4xw-eaee-tbaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58392?format=api", "vulnerability_id": "VCID-fe6s-f2sw-tbdb", "summary": "A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3407", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3417", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34119", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34186", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34152", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10224" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677147", "reference_id": "1677147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3401", "reference_id": "RHSA-2019:3401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3401" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87688?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.1.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.1.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10224" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fe6s-f2sw-tbdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58401?format=api", "vulnerability_id": "VCID-ft29-jr9j-jbbm", "summary": "A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1055.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1055.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19886", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19846", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19956", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19914", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19962", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1055" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1055" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034891", "reference_id": "1034891", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034891" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173517", "reference_id": "2173517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173517" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/", "reference_id": "MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:02:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3489", "reference_id": "RHSA-2023:3489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4655", "reference_id": "RHSA-2023:4655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4655" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0", "reference_id": "show_bug.cgi?id=2173517#c0", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:02:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87696?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.4%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.4%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-1055" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ft29-jr9j-jbbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58391?format=api", "vulnerability_id": "VCID-hdg8-vfaw-uqg7", "summary": "It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10171.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10171.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59027", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59075", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59056", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5908", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59072", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10171" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1722081", "reference_id": "1722081", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1722081" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1789", "reference_id": "RHSA-2019:1789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1789" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87665?format=api", "purl": "pkg:deb/debian/389-ds-base@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10171" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdg8-vfaw-uqg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58361?format=api", "vulnerability_id": "VCID-jjxe-hcke-fkg5", "summary": "389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4450.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5964", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59691", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59694", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59685", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59666", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4450" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688942", "reference_id": "688942", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688942" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=860603", "reference_id": "860603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860603" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0503", "reference_id": "RHSA-2013:0503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87669?format=api", "purl": "pkg:deb/debian/389-ds-base@1.2.11.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.2.11.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4450" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjxe-hcke-fkg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58409?format=api", "vulnerability_id": "VCID-k27f-tsq5-73fn", "summary": "A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2487.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2487.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.2424", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24184", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24125", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24257", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2487" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100994", "reference_id": "1100994", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353071", "reference_id": "2353071", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T17:48:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353071" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12", "reference_id": "cpe:/a:redhat:directory_server:12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.4::el9", "reference_id": "cpe:/a:redhat:directory_server_eus:12.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_eus:12.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-2487", "reference_id": "CVE-2025-2487", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T17:48:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-2487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3663", "reference_id": "RHSA-2025:3663", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T17:48:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3670", "reference_id": "RHSA-2025:3670", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T17:48:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4491", "reference_id": "RHSA-2025:4491", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T17:48:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7395", "reference_id": "RHSA-2025:7395", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T17:48:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7395" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87700?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-2487" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k27f-tsq5-73fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58384?format=api", "vulnerability_id": "VCID-kgfj-ur5s-97hd", "summary": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10850.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10850.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81716", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81746", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81747", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.8174", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10850" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588056", "reference_id": "1588056", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588056" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903501", "reference_id": "903501", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2757", "reference_id": "RHSA-2018:2757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2757" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87685?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.0.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10850" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgfj-ur5s-97hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58369?format=api", "vulnerability_id": "VCID-ktrv-uvt3-ykcf", "summary": "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3562.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3562.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54157", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54213", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54221", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54211", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54188", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3562" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477", "reference_id": "1123477", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757437", "reference_id": "757437", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1031", "reference_id": "RHSA-2014:1031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1032", "reference_id": "RHSA-2014:1032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1032" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87673?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.2.21-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.21-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3562" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktrv-uvt3-ykcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58385?format=api", "vulnerability_id": "VCID-kyw9-xd61-effu", "summary": "389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10871.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10871.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58265", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58314", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58296", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58321", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58311", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10871" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591480", "reference_id": "1591480", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3401", "reference_id": "RHSA-2019:3401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3401" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87685?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.0.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10871" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyw9-xd61-effu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58372?format=api", "vulnerability_id": "VCID-m9ab-q9cx-suhk", "summary": "389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1854.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6299", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82244", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82273", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82275", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209573", "reference_id": "1209573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209573" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783923", "reference_id": "783923", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783923" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0895", "reference_id": "RHSA-2015:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0895" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87675?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1854" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9ab-q9cx-suhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58382?format=api", "vulnerability_id": "VCID-pqup-v2we-kqat", "summary": "389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7551.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7551.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7551", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49886", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49947", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49957", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49939", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49911", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7551" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7551" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477669", "reference_id": "1477669", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477669" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870752", "reference_id": "870752", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2569", "reference_id": "RHSA-2017:2569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2569" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87683?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.6.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.6.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7551" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqup-v2we-kqat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58362?format=api", "vulnerability_id": "VCID-pxnj-31yc-skdy", "summary": "389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0312.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80635", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80661", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80662", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80659", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80655", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0312" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=912964", "reference_id": "912964", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0628", "reference_id": "RHSA-2013:0628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87670?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.0.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0312" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxnj-31yc-skdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58373?format=api", "vulnerability_id": "VCID-qybp-25x7-6fak", "summary": "389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3230.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70065", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70073", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70055", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70043", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3230" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232096", "reference_id": "1232096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232096" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789202", "reference_id": "789202", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789202" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87676?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.3.12-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.12-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3230" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qybp-25x7-6fak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58364?format=api", "vulnerability_id": "VCID-rmk2-n5rk-effn", "summary": "The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1897.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68744", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68783", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68792", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68785", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68769", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1897" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704421", "reference_id": "704421", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704421" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=928105", "reference_id": "928105", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=928105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0742", "reference_id": "RHSA-2013:0742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87671?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1897" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmk2-n5rk-effn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58397?format=api", "vulnerability_id": "VCID-sfpm-3ead-t7ds", "summary": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0918.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0918.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07668", "scoring_system": "epss", "scoring_elements": "0.92042", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07668", "scoring_system": "epss", "scoring_elements": "0.92054", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07668", "scoring_system": "epss", "scoring_elements": "0.92051", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.07668", "scoring_system": "epss", "scoring_elements": "0.92052", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07668", "scoring_system": "epss", "scoring_elements": "0.9205", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0918" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016445", "reference_id": "1016445", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016445" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815", "reference_id": "2055815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2210", "reference_id": "RHSA-2022:2210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5239", "reference_id": "RHSA-2022:5239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5620", "reference_id": "RHSA-2022:5620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5823", "reference_id": "RHSA-2022:5823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8162", "reference_id": "RHSA-2022:8162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8976", "reference_id": "RHSA-2022:8976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87694?format=api", "purl": "pkg:deb/debian/389-ds-base@2.0.15-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.15-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-0918" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfpm-3ead-t7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58366?format=api", "vulnerability_id": "VCID-smzx-qr5q-k3h7", "summary": "ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4283.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73612", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73648", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73652", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73639", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73624", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4283" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721222", "reference_id": "721222", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721222" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634", "reference_id": "999634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1182", "reference_id": "RHSA-2013:1182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1182" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87671?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4283" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smzx-qr5q-k3h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58403?format=api", "vulnerability_id": "VCID-svne-c12c-hucb", "summary": "A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2199.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25648", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.256", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25542", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25658", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2199" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072531", "reference_id": "1072531", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072531" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976", "reference_id": "2267976", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.8::el8", "reference_id": "cpe:/a:redhat:directory_server:11.8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.9::el8", "reference_id": "cpe:/a:redhat:directory_server:11.9::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11.9::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12.4::el9", "reference_id": "cpe:/a:redhat:directory_server:12.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_id": "cpe:/a:redhat:directory_server_e4s:11.5::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server_e4s:11.5::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::client", "reference_id": "cpe:/o:redhat:enterprise_linux:7::client", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::client" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::computenode", "reference_id": "cpe:/o:redhat:enterprise_linux:7::computenode", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::computenode" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::server", "reference_id": "cpe:/o:redhat:enterprise_linux:7::server", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::server" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::workstation", "reference_id": "cpe:/o:redhat:enterprise_linux:7::workstation", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::workstation" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-2199", "reference_id": "CVE-2024-2199", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-2199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3591", "reference_id": "RHSA-2024:3591", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3837", "reference_id": "RHSA-2024:3837", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4092", "reference_id": "RHSA-2024:4092", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4209", "reference_id": "RHSA-2024:4209", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4210", "reference_id": "RHSA-2024:4210", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4235", "reference_id": "RHSA-2024:4235", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4633", "reference_id": "RHSA-2024:4633", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5690", "reference_id": "RHSA-2024:5690", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:5690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1632", "reference_id": "RHSA-2025:1632", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:52:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1632" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87697?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-2199" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svne-c12c-hucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7226?format=api", "vulnerability_id": "VCID-sz1r-ts2d-uqam", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53665", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58528", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58482", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58538", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.5853", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952907", "reference_id": "1952907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952907" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727", "reference_id": "988727", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727" }, { "reference_url": "https://security.archlinux.org/ASA-202107-72", "reference_id": "ASA-202107-72", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-72" }, { "reference_url": "https://security.archlinux.org/AVG-2206", "reference_id": "AVG-2206", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2595", "reference_id": "RHSA-2021:2595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2796", "reference_id": "RHSA-2021:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3955", "reference_id": "RHSA-2021:3955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0952", "reference_id": "RHSA-2022:0952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0952" }, { "reference_url": "https://usn.ubuntu.com/USN-5231-1/", "reference_id": "USN-USN-5231-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5231-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3514" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sz1r-ts2d-uqam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58379?format=api", "vulnerability_id": "VCID-ta8n-wu4n-qqfq", "summary": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15135.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15135.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48901", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48962", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48972", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48953", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48924", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15135" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", "reference_id": "1525628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888451", "reference_id": "888451", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0414", "reference_id": "RHSA-2018:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0515", "reference_id": "RHSA-2018:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87680?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.7.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.7.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15135" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ta8n-wu4n-qqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58389?format=api", "vulnerability_id": "VCID-tjhk-xzr6-p7dx", "summary": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14638.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14638.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77696", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77724", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77709", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77731", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.7772", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14638" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626079", "reference_id": "1626079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626079" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908859", "reference_id": "908859", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2757", "reference_id": "RHSA-2018:2757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2757" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87687?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.0.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14638" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tjhk-xzr6-p7dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58396?format=api", "vulnerability_id": "VCID-twz6-mtum-qbck", "summary": "A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4091.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4091.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4091", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57095", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57146", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57128", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57154", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57143", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4091" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030307", "reference_id": "2030307", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030307" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0628", "reference_id": "RHSA-2022:0628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0889", "reference_id": "RHSA-2022:0889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0952", "reference_id": "RHSA-2022:0952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1410", "reference_id": "RHSA-2022:1410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1410" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87693?format=api", "purl": "pkg:deb/debian/389-ds-base@2.0.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-4091" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twz6-mtum-qbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58374?format=api", "vulnerability_id": "VCID-u5q1-nkup-f7ga", "summary": "slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0741.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0741.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0741", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0402", "scoring_system": "epss", "scoring_elements": "0.88667", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0402", "scoring_system": "epss", "scoring_elements": "0.88684", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0402", "scoring_system": "epss", "scoring_elements": "0.88685", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0402", "scoring_system": "epss", "scoring_elements": "0.88682", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0741" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1299416", "reference_id": "1299416", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1299416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0204", "reference_id": "RHSA-2016:0204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0204" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87677?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.4.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.4.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-0741" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5q1-nkup-f7ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58406?format=api", "vulnerability_id": "VCID-ud9m-jz3k-bfhm", "summary": "A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6237.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.78034", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.78049", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.78056", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.78045", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6237" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579", "reference_id": "2293579", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:16:20Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579" }, { "reference_url": "https://github.com/389ds/389-ds-base/issues/5989", "reference_id": "5989", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:16:20Z/" } ], "url": "https://github.com/389ds/389-ds-base/issues/5989" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11", "reference_id": "cpe:/a:redhat:directory_server:11", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12.4::el9", "reference_id": "cpe:/a:redhat:directory_server:12.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-6237", "reference_id": "CVE-2024-6237", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:16:20Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-6237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4997", "reference_id": "RHSA-2024:4997", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:16:20Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5192", "reference_id": "RHSA-2024:5192", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:16:20Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:5192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87698?format=api", "purl": "pkg:deb/debian/389-ds-base@2.4.5%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.4.5%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-6237" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud9m-jz3k-bfhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58371?format=api", "vulnerability_id": "VCID-ueg3-4qem-nqgh", "summary": "389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \"unhashed\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8112.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54451", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54508", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54518", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54507", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54486", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8112" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729", "reference_id": "1172729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909", "reference_id": "779909", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0416", "reference_id": "RHSA-2015:0416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0416" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87674?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.3.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8112" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ueg3-4qem-nqgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58398?format=api", "vulnerability_id": "VCID-uz8q-6ydj-x3cu", "summary": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0996.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0996.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40619", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40699", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40647", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40704", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40676", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0996" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0996" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769", "reference_id": "2064769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5239", "reference_id": "RHSA-2022:5239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5620", "reference_id": "RHSA-2022:5620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5823", "reference_id": "RHSA-2022:5823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8162", "reference_id": "RHSA-2022:8162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8976", "reference_id": "RHSA-2022:8976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87693?format=api", "purl": "pkg:deb/debian/389-ds-base@2.0.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-0996" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uz8q-6ydj-x3cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7225?format=api", "vulnerability_id": "VCID-v1ut-bxzt-kqet", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30174", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30151", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30213", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30181", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30248", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782", "reference_id": "1982782", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405", "reference_id": "991405", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405" }, { "reference_url": "https://security.archlinux.org/ASA-202107-72", "reference_id": "ASA-202107-72", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-72" }, { "reference_url": "https://security.archlinux.org/AVG-2206", "reference_id": "AVG-2206", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3079", "reference_id": "RHSA-2021:3079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3807", "reference_id": "RHSA-2021:3807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3906", "reference_id": "RHSA-2021:3906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3955", "reference_id": "RHSA-2021:3955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87691?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.17-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.17-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3652" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1ut-bxzt-kqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58395?format=api", "vulnerability_id": "VCID-v94q-q9gt-zkcq", "summary": "When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7442", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74428", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74457", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74446", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74452", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565", "reference_id": "1905565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565" }, { "reference_url": "https://security.archlinux.org/AVG-1482", "reference_id": "AVG-1482", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0599", "reference_id": "RHSA-2021:0599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1086", "reference_id": "RHSA-2021:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1243", "reference_id": "RHSA-2021:1243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1258", "reference_id": "RHSA-2021:1258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2323", "reference_id": "RHSA-2021:2323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2323" }, { "reference_url": "https://usn.ubuntu.com/USN-5231-1/", "reference_id": "USN-USN-5231-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5231-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87690?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35518" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v94q-q9gt-zkcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58399?format=api", "vulnerability_id": "VCID-vadc-mdbp-q3g9", "summary": "An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1949.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.6945", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69489", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69475", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69497", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69487", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1949" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1949", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1949" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016446", "reference_id": "1016446", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016446" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091781", "reference_id": "2091781", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091781" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87695?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-1949" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vadc-mdbp-q3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58390?format=api", "vulnerability_id": "VCID-wvqp-u8kz-8bd4", "summary": "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14648.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07503", "scoring_system": "epss", "scoring_elements": "0.91937", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07503", "scoring_system": "epss", "scoring_elements": "0.91949", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07503", "scoring_system": "epss", "scoring_elements": "0.9195", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07503", "scoring_system": "epss", "scoring_elements": "0.91948", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14648" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14648" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630668", "reference_id": "1630668", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630668" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3127", "reference_id": "RHSA-2018:3127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3507", "reference_id": "RHSA-2018:3507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3507" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87687?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.0.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14648" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvqp-u8kz-8bd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58388?format=api", "vulnerability_id": "VCID-xryf-2vae-j7gk", "summary": "A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14624.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14624", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01478", "scoring_system": "epss", "scoring_elements": "0.81314", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01478", "scoring_system": "epss", "scoring_elements": "0.81341", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01478", "scoring_system": "epss", "scoring_elements": "0.81337", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01478", "scoring_system": "epss", "scoring_elements": "0.81344", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01478", "scoring_system": "epss", "scoring_elements": "0.81342", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14624" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619450", "reference_id": "1619450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619450" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907778", "reference_id": "907778", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2757", "reference_id": "RHSA-2018:2757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2757" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87687?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.0.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14624" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xryf-2vae-j7gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58400?format=api", "vulnerability_id": "VCID-xv3p-gza9-4bcg", "summary": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2850.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2850.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58126", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58108", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58122", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58075", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58133", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2850" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018054", "reference_id": "1018054", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018054" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691", "reference_id": "2118691", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:06:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-2850", "reference_id": "CVE-2022-2850", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:06:25Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-2850" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:06:25Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7087", "reference_id": "RHSA-2022:7087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7133", "reference_id": "RHSA-2022:7133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8162", "reference_id": "RHSA-2022:8162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8680", "reference_id": "RHSA-2022:8680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8886", "reference_id": "RHSA-2022:8886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8976", "reference_id": "RHSA-2022:8976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0479", "reference_id": "RHSA-2023:0479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0479" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87692?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87695?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-2850" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xv3p-gza9-4bcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58375?format=api", "vulnerability_id": "VCID-yrgr-fu6h-ykh9", "summary": "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4992.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63701", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63743", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63749", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63742", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63729", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4992" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4992" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347760", "reference_id": "1347760", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347760" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2594", "reference_id": "RHSA-2016:2594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2765", "reference_id": "RHSA-2016:2765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2765" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87678?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.5.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4992" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrgr-fu6h-ykh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58380?format=api", "vulnerability_id": "VCID-ytmc-t4we-y7gr", "summary": "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2591.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2591.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2591", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02774", "scoring_system": "epss", "scoring_elements": "0.86321", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02774", "scoring_system": "epss", "scoring_elements": "0.86343", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02774", "scoring_system": "epss", "scoring_elements": "0.86329", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02774", "scoring_system": "epss", "scoring_elements": "0.86344", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02774", "scoring_system": "epss", "scoring_elements": "0.86341", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381481", "reference_id": "1381481", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381481" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851769", "reference_id": "851769", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851769" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87681?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.5.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-2591" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytmc-t4we-y7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58378?format=api", "vulnerability_id": "VCID-znf9-cydr-nqbm", "summary": "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15134.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15134.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05689", "scoring_system": "epss", "scoring_elements": "0.90563", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05689", "scoring_system": "epss", "scoring_elements": "0.90577", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05689", "scoring_system": "epss", "scoring_elements": "0.90575", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05689", "scoring_system": "epss", "scoring_elements": "0.90574", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15134" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15134", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531573", "reference_id": "1531573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531573" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888452", "reference_id": "888452", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0163", "reference_id": "RHSA-2018:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0163" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87680?format=api", "purl": "pkg:deb/debian/389-ds-base@1.3.7.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.7.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15134" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znf9-cydr-nqbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58387?format=api", "vulnerability_id": "VCID-zrba-h7st-jbgz", "summary": "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10935.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10935.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63268", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63312", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63296", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63319", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63309", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10935" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613606", "reference_id": "1613606", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613606" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906985", "reference_id": "906985", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906985" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2757", "reference_id": "RHSA-2018:2757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2757" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87685?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.0.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87666?format=api", "purl": "pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" }, { "vulnerability": "VCID-vadc-mdbp-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87664?format=api", "purl": "pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5mdk-bqm7-mkeu" }, { "vulnerability": "VCID-7dna-4mcn-jqd5" }, { "vulnerability": "VCID-ft29-jr9j-jbbm" }, { "vulnerability": "VCID-k27f-tsq5-73fn" }, { "vulnerability": "VCID-ud9m-jz3k-bfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87668?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87667?format=api", "purl": "pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10935" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrba-h7st-jbgz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie" }