| purl | pkg:deb/debian/389-ds-base@1.4.0.21-1 |
| Next non-vulnerable version | 3.1.2+dfsg1-1 |
| Latest non-vulnerable version | 3.1.2+dfsg1-1 |
| Risk | 3.4 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3paj-fqdp-yyg3 (Aliases: CVE-2019-10224) | 389-ds-base: using dscreate in verbose mode results in information disclosure | Affected by 14 other vulnerabilities. |
| VCID-4tdy-umt6-4ubr (Aliases: CVE-2024-2199) | 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c | Affected by 4 other vulnerabilities. |
| VCID-4tn2-her5-6fe1 (Aliases: CVE-2021-3514) | 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() | Affected by 14 other vulnerabilities. |
| VCID-77rw-db6h-hya9 (Aliases: CVE-2022-0918) | 389-ds-base: sending crafted message could result in DoS | Affected by 4 other vulnerabilities. |
| VCID-hjvf-3mm8-xfhq (Aliases: CVE-2021-4091) | 389-ds-base: double free of the virtual attribute context in persistent search | Affected by 4 other vulnerabilities. |
| VCID-knxk-357y-efhh (Aliases: CVE-2021-3652) | 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed | Affected by 4 other vulnerabilities. |
| VCID-pexr-smr8-gbhh (Aliases: CVE-2020-35518) | 389-ds-base: information disclosure during the binding of a DN | Affected by 14 other vulnerabilities. |
| VCID-qkca-awn5-hfas (Aliases: CVE-2024-8445) | 389-ds-base: server crash while modifying `userPassword` using malformed input (Incomplete fix for CVE-2024-2199) | Affected by 4 other vulnerabilities. |
| VCID-qv4g-5kzs-9kfa (Aliases: CVE-2024-3657) | 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request | Affected by 4 other vulnerabilities. |
| VCID-rffx-mwhe-tqe5 (Aliases: CVE-2024-5953) | 389-ds-base: Malformed userPassword hash may cause Denial of Service | Affected by 4 other vulnerabilities. |
| VCID-vx15-pahy-ufbn (Aliases: CVE-2022-2850) | 389-ds-base: SIGSEGV in sync_repl | Affected by 4 other vulnerabilities. |
| VCID-wcyy-45hw-2fc6 (Aliases: CVE-2019-3883) | 389-ds-base: DoS via hanging secured connections | Affected by 14 other vulnerabilities. |
| VCID-x8k9-na1n-8fgj (Aliases: CVE-2022-0996) | 389-ds-base: expired password was still allowed to access the database | Affected by 4 other vulnerabilities. |
| VCID-z7kp-3dwk-wkgr (Aliases: CVE-2019-14824) | 389-ds-base: Read permission check bypass via the deref plugin | Affected by 14 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1cnv-xra9-d7fw | 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c | CVE-2017-15134 |
| VCID-1emx-jre5-v7dm | 389-ds-base: ns-slapd crash via large filter value in ldapsearch | CVE-2018-1089 |
| VCID-7teh-3vk4-a7du | 389-ds-base: Server crash through modify command with large DN | CVE-2018-14624 |
| VCID-f3t3-vxrz-8uew | 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly | CVE-2018-14638 |
| VCID-gmg8-mepq-87ez | 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service | CVE-2018-14648 |
| VCID-hvag-zpvk-vqbw | 389-ds-base: ldapsearch with server side sort allows users to cause a crash | CVE-2018-10935 |
| VCID-jge6-uqra-yba1 | 389-ds-base: Password brute-force possible for locked account due to different return codes | CVE-2017-7551 |
| VCID-kkeh-mm7b-quc4 | 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c | CVE-2018-1054 |
| VCID-s9es-be9s-t3h3 | 389-ds-base: race condition on reference counter leads to DoS using persistent search | CVE-2018-10850 |
| VCID-vu7g-kqpe-83hq | 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c | CVE-2017-15135 |
| VCID-yaw8-dzr7-hyha | 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default | CVE-2018-10871 |