{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","type":"deb","namespace":"debian","name":"389-ds-base","version":"3.1.2+vendor1-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58386?format=json","vulnerability_id":"VCID-1ncv-1mvn-3ua2","summary":"389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1089.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1089.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1089","reference_id":"","reference_type":"","scores":[{"value":"0.14569","scoring_system":"epss","scoring_elements":"0.9459","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1089"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1559802","reference_id":"1559802","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1559802"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898138","reference_id":"898138","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1364","reference_id":"RHSA-2018:1364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1380","reference_id":"RHSA-2018:1380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1380"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87686?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.8.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.8.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1089"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ncv-1mvn-3ua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58383?format=json","vulnerability_id":"VCID-3182-86wa-ffgn","summary":"An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1054.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1054","reference_id":"","reference_type":"","scores":[{"value":"0.14722","scoring_system":"epss","scoring_elements":"0.94616","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537314","reference_id":"1537314","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537314"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892124","reference_id":"892124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0414","reference_id":"RHSA-2018:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0515","reference_id":"RHSA-2018:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87684?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.7.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.7.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1054"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3182-86wa-ffgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58365?format=json","vulnerability_id":"VCID-3r2y-hb9m-r7bn","summary":"The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2219.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2219","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51454","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2219"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718325","reference_id":"718325","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718325"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=979508","reference_id":"979508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=979508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1116","reference_id":"RHSA-2013:1116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1119","reference_id":"RHSA-2013:1119","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1119"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87671?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2219"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3r2y-hb9m-r7bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58404?format=json","vulnerability_id":"VCID-4gwa-5ha9-2yep","summary":"A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3657.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3657.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274401","reference_id":"2274401","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3591","reference_id":"RHSA-2024:3591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3837","reference_id":"RHSA-2024:3837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4092","reference_id":"RHSA-2024:4092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4209","reference_id":"RHSA-2024:4209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4210","reference_id":"RHSA-2024:4210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4235","reference_id":"RHSA-2024:4235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4633","reference_id":"RHSA-2024:4633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5690","reference_id":"RHSA-2024:5690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6576","reference_id":"RHSA-2024:6576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7458","reference_id":"RHSA-2024:7458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1632","reference_id":"RHSA-2025:1632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1632"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87697?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-3657"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gwa-5ha9-2yep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58358?format=json","vulnerability_id":"VCID-4v7k-pbgh-r7e8","summary":"The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0833.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0833","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43344","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0833"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=787014","reference_id":"787014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=787014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0813","reference_id":"RHSA-2012:0813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0549","reference_id":"RHSA-2013:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0549"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87665?format=json","purl":"pkg:deb/debian/389-ds-base@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-0833"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4v7k-pbgh-r7e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58402?format=json","vulnerability_id":"VCID-5mdk-bqm7-mkeu","summary":"A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1062.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1062.json"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066120","reference_id":"1066120","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066120"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261879","reference_id":"2261879","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1074","reference_id":"RHSA-2024:1074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1372","reference_id":"RHSA-2024:1372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3047","reference_id":"RHSA-2024:3047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4209","reference_id":"RHSA-2024:4209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4633","reference_id":"RHSA-2024:4633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5690","reference_id":"RHSA-2024:5690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7458","reference_id":"RHSA-2024:7458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1632","reference_id":"RHSA-2025:1632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1632"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87696?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-1062"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mdk-bqm7-mkeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58405?format=json","vulnerability_id":"VCID-6668-ae1t-43bn","summary":"A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5953.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5953.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292104","reference_id":"2292104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4633","reference_id":"RHSA-2024:4633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4997","reference_id":"RHSA-2024:4997","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5192","reference_id":"RHSA-2024:5192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5690","reference_id":"RHSA-2024:5690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6153","reference_id":"RHSA-2024:6153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6568","reference_id":"RHSA-2024:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6569","reference_id":"RHSA-2024:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6576","reference_id":"RHSA-2024:6576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7458","reference_id":"RHSA-2024:7458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1632","reference_id":"RHSA-2025:1632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1632"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87697?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-5953"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6668-ae1t-43bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58370?format=json","vulnerability_id":"VCID-6c9y-7uaz-tqau","summary":"389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8105.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8105.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8105","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64591","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8105"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167858","reference_id":"1167858","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167858"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909","reference_id":"779909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0416","reference_id":"RHSA-2015:0416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0628","reference_id":"RHSA-2015:0628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87674?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.3.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.5-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-8105"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6c9y-7uaz-tqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58408?format=json","vulnerability_id":"VCID-7dna-4mcn-jqd5","summary":"A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14905.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14905.json"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130910","reference_id":"1130910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423624","reference_id":"2423624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423624"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3189","reference_id":"RHSA-2026:3189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3208","reference_id":"RHSA-2026:3208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3379","reference_id":"RHSA-2026:3379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3504","reference_id":"RHSA-2026:3504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4207","reference_id":"RHSA-2026:4207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4661","reference_id":"RHSA-2026:4661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4720","reference_id":"RHSA-2026:4720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5196","reference_id":"RHSA-2026:5196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5511","reference_id":"RHSA-2026:5511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5512","reference_id":"RHSA-2026:5512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5513","reference_id":"RHSA-2026:5513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5514","reference_id":"RHSA-2026:5514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5568","reference_id":"RHSA-2026:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5569","reference_id":"RHSA-2026:5569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5576","reference_id":"RHSA-2026:5576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5597","reference_id":"RHSA-2026:5597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5598","reference_id":"RHSA-2026:5598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6220","reference_id":"RHSA-2026:6220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6268","reference_id":"RHSA-2026:6268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6268"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2025-14905"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dna-4mcn-jqd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58407?format=json","vulnerability_id":"VCID-7k3x-hspm-2bh1","summary":"The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8445.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8445.json"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082852","reference_id":"1082852","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082852"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310110","reference_id":"2310110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310110"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7434","reference_id":"RHSA-2024:7434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7434"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87699?format=json","purl":"pkg:deb/debian/389-ds-base@2.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-8445"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7k3x-hspm-2bh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58360?format=json","vulnerability_id":"VCID-7vgg-99uc-vycr","summary":"389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2746.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2746","reference_id":"","reference_type":"","scores":[{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66689","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=833482","reference_id":"833482","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=833482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0997","reference_id":"RHSA-2012:0997","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1041","reference_id":"RHSA-2012:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1041"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87665?format=json","purl":"pkg:deb/debian/389-ds-base@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-2746"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vgg-99uc-vycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58393?format=json","vulnerability_id":"VCID-8d2y-q7qm-ukba","summary":"A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14824.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14824.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14824","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.61101","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14824"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747448","reference_id":"1747448","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747448"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944150","reference_id":"944150","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3401","reference_id":"RHSA-2019:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3981","reference_id":"RHSA-2019:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0464","reference_id":"RHSA-2020:0464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0464"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87689?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14824"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d2y-q7qm-ukba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58376?format=json","vulnerability_id":"VCID-92hm-bx5r-2kb5","summary":"389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5405.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5405.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5405","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5405"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358865","reference_id":"1358865","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358865"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842121","reference_id":"842121","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2594","reference_id":"RHSA-2016:2594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2765","reference_id":"RHSA-2016:2765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2765"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87679?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.5.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2016-5405"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92hm-bx5r-2kb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58368?format=json","vulnerability_id":"VCID-9epx-69zs-zyat","summary":"The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0132.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0132","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63978","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0132"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1074845","reference_id":"1074845","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1074845"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741600","reference_id":"741600","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0292","reference_id":"RHSA-2014:0292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0292"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87672?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.2.9-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-0132"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9epx-69zs-zyat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58359?format=json","vulnerability_id":"VCID-9u6q-envm-dyej","summary":"389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2678.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2678.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2678","reference_id":"","reference_type":"","scores":[{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47012","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2678"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=829933","reference_id":"829933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=829933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0997","reference_id":"RHSA-2012:0997","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1041","reference_id":"RHSA-2012:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1041"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87665?format=json","purl":"pkg:deb/debian/389-ds-base@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-2678"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u6q-envm-dyej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58367?format=json","vulnerability_id":"VCID-aacx-55q8-b7e2","summary":"389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4485.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4485","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.5863","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4485"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1024552","reference_id":"1024552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1024552"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730115","reference_id":"730115","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730115"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1752","reference_id":"RHSA-2013:1752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1753","reference_id":"RHSA-2013:1753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1753"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87671?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4485"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aacx-55q8-b7e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58381?format=json","vulnerability_id":"VCID-cuaw-efm3-5kb6","summary":"389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2668.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2668.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2668","reference_id":"","reference_type":"","scores":[{"value":"0.03115","scoring_system":"epss","scoring_elements":"0.87073","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436575","reference_id":"1436575","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436575"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860125","reference_id":"860125","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0893","reference_id":"RHSA-2017:0893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0920","reference_id":"RHSA-2017:0920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0920"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87682?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.5.17-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.17-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-2668"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuaw-efm3-5kb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58363?format=json","vulnerability_id":"VCID-dvvv-bd2b-s7b7","summary":"The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0336.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0336.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0336","reference_id":"","reference_type":"","scores":[{"value":"0.01102","scoring_system":"epss","scoring_elements":"0.784","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0336"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704077","reference_id":"704077","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=913751","reference_id":"913751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=913751"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87671?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-0336"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvvv-bd2b-s7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58394?format=json","vulnerability_id":"VCID-f4xw-eaee-tbaf","summary":"In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3883.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3883","reference_id":"","reference_type":"","scores":[{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75615","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3883"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693612","reference_id":"1693612","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927939","reference_id":"927939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1896","reference_id":"RHSA-2019:1896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3401","reference_id":"RHSA-2019:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3401"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87688?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.1.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.1.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-3883"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4xw-eaee-tbaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58392?format=json","vulnerability_id":"VCID-fe6s-f2sw-tbdb","summary":"A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10224.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10224","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3407","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10224"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677147","reference_id":"1677147","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3401","reference_id":"RHSA-2019:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3401"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87688?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.1.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.1.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-10224"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fe6s-f2sw-tbdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58401?format=json","vulnerability_id":"VCID-ft29-jr9j-jbbm","summary":"A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1055.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1055.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1055","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19886","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034891","reference_id":"1034891","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2173517","reference_id":"2173517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2173517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3489","reference_id":"RHSA-2023:3489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4655","reference_id":"RHSA-2023:4655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4655"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87696?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2023-1055"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ft29-jr9j-jbbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58391?format=json","vulnerability_id":"VCID-hdg8-vfaw-uqg7","summary":"It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10171.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10171","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59027","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1722081","reference_id":"1722081","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1722081"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1789","reference_id":"RHSA-2019:1789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1789"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87665?format=json","purl":"pkg:deb/debian/389-ds-base@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-10171"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdg8-vfaw-uqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58361?format=json","vulnerability_id":"VCID-jjxe-hcke-fkg5","summary":"389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4450.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4450.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4450","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.5964","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4450"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688942","reference_id":"688942","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688942"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=860603","reference_id":"860603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=860603"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0503","reference_id":"RHSA-2013:0503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87669?format=json","purl":"pkg:deb/debian/389-ds-base@1.2.11.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.2.11.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4450"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjxe-hcke-fkg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58409?format=json","vulnerability_id":"VCID-k27f-tsq5-73fn","summary":"A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2487.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2487.json"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100994","reference_id":"1100994","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100994"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353071","reference_id":"2353071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3663","reference_id":"RHSA-2025:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3670","reference_id":"RHSA-2025:3670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4491","reference_id":"RHSA-2025:4491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7395","reference_id":"RHSA-2025:7395","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7395"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87700?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2025-2487"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k27f-tsq5-73fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58384?format=json","vulnerability_id":"VCID-kgfj-ur5s-97hd","summary":"389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10850.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10850.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10850","reference_id":"","reference_type":"","scores":[{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81716","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10850"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588056","reference_id":"1588056","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588056"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903501","reference_id":"903501","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2757","reference_id":"RHSA-2018:2757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2757"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87685?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.0.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-10850"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgfj-ur5s-97hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58369?format=json","vulnerability_id":"VCID-ktrv-uvt3-ykcf","summary":"Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3562.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3562.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3562","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54157","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3562"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1123477","reference_id":"1123477","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1123477"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757437","reference_id":"757437","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1031","reference_id":"RHSA-2014:1031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1032","reference_id":"RHSA-2014:1032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1032"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87673?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.2.21-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3562"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktrv-uvt3-ykcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58385?format=json","vulnerability_id":"VCID-kyw9-xd61-effu","summary":"389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10871.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10871","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58265","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591480","reference_id":"1591480","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3401","reference_id":"RHSA-2019:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3401"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87685?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.0.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-10871"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyw9-xd61-effu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58372?format=json","vulnerability_id":"VCID-m9ab-q9cx-suhk","summary":"389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1854.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1854","reference_id":"","reference_type":"","scores":[{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82244","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1854"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1209573","reference_id":"1209573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1209573"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783923","reference_id":"783923","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783923"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0895","reference_id":"RHSA-2015:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0895"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87675?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-1854"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9ab-q9cx-suhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58382?format=json","vulnerability_id":"VCID-pqup-v2we-kqat","summary":"389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7551.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7551.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7551","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49886","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7551"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1477669","reference_id":"1477669","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1477669"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870752","reference_id":"870752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2569","reference_id":"RHSA-2017:2569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2569"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87683?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.6.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-7551"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqup-v2we-kqat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58362?format=json","vulnerability_id":"VCID-pxnj-31yc-skdy","summary":"389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0312.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0312","reference_id":"","reference_type":"","scores":[{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80635","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=912964","reference_id":"912964","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=912964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0628","reference_id":"RHSA-2013:0628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87670?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-0312"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxnj-31yc-skdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58373?format=json","vulnerability_id":"VCID-qybp-25x7-6fak","summary":"389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3230.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3230","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70024","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3230"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232096","reference_id":"1232096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232096"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789202","reference_id":"789202","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87676?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.3.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-3230"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qybp-25x7-6fak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58364?format=json","vulnerability_id":"VCID-rmk2-n5rk-effn","summary":"The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1897.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1897","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68744","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1897"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704421","reference_id":"704421","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=928105","reference_id":"928105","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=928105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0742","reference_id":"RHSA-2013:0742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87671?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1897"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rmk2-n5rk-effn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58397?format=json","vulnerability_id":"VCID-sfpm-3ead-t7ds","summary":"A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0918.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0918.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0918","reference_id":"","reference_type":"","scores":[{"value":"0.07668","scoring_system":"epss","scoring_elements":"0.92042","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0918"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016445","reference_id":"1016445","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016445"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055815","reference_id":"2055815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2210","reference_id":"RHSA-2022:2210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5239","reference_id":"RHSA-2022:5239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5620","reference_id":"RHSA-2022:5620","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5823","reference_id":"RHSA-2022:5823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8162","reference_id":"RHSA-2022:8162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8976","reference_id":"RHSA-2022:8976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8976"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87694?format=json","purl":"pkg:deb/debian/389-ds-base@2.0.15-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.15-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2022-0918"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfpm-3ead-t7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58366?format=json","vulnerability_id":"VCID-smzx-qr5q-k3h7","summary":"ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4283.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4283","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73612","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4283"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721222","reference_id":"721222","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721222"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=999634","reference_id":"999634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=999634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1182","reference_id":"RHSA-2013:1182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1182"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87671?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.2.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.2.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4283"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smzx-qr5q-k3h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58403?format=json","vulnerability_id":"VCID-svne-c12c-hucb","summary":"A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2199.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2199.json"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072531","reference_id":"1072531","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072531"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267976","reference_id":"2267976","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3591","reference_id":"RHSA-2024:3591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3837","reference_id":"RHSA-2024:3837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4092","reference_id":"RHSA-2024:4092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4209","reference_id":"RHSA-2024:4209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4210","reference_id":"RHSA-2024:4210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4235","reference_id":"RHSA-2024:4235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4633","reference_id":"RHSA-2024:4633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5690","reference_id":"RHSA-2024:5690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1632","reference_id":"RHSA-2025:1632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1632"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87697?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-2199"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svne-c12c-hucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7226?format=json","vulnerability_id":"VCID-sz1r-ts2d-uqam","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3514","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58482","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3514"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952907","reference_id":"1952907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952907"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727","reference_id":"988727","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727"},{"reference_url":"https://security.archlinux.org/ASA-202107-72","reference_id":"ASA-202107-72","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-72"},{"reference_url":"https://security.archlinux.org/AVG-2206","reference_id":"AVG-2206","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2595","reference_id":"RHSA-2021:2595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2796","reference_id":"RHSA-2021:2796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3955","reference_id":"RHSA-2021:3955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0952","reference_id":"RHSA-2022:0952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0952"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3514"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sz1r-ts2d-uqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58379?format=json","vulnerability_id":"VCID-ta8n-wu4n-qqfq","summary":"It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15135.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15135.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15135","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48901","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15135"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1525628","reference_id":"1525628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1525628"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888451","reference_id":"888451","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0414","reference_id":"RHSA-2018:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0515","reference_id":"RHSA-2018:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87680?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.7.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.7.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-15135"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ta8n-wu4n-qqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58389?format=json","vulnerability_id":"VCID-tjhk-xzr6-p7dx","summary":"A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14638.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14638.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14638","reference_id":"","reference_type":"","scores":[{"value":"0.01033","scoring_system":"epss","scoring_elements":"0.77696","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14638"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626079","reference_id":"1626079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626079"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908859","reference_id":"908859","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2757","reference_id":"RHSA-2018:2757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2757"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87687?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.0.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-14638"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tjhk-xzr6-p7dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58396?format=json","vulnerability_id":"VCID-twz6-mtum-qbck","summary":"A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4091.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4091.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4091","reference_id":"","reference_type":"","scores":[{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57095","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030307","reference_id":"2030307","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0628","reference_id":"RHSA-2022:0628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0889","reference_id":"RHSA-2022:0889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0952","reference_id":"RHSA-2022:0952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1410","reference_id":"RHSA-2022:1410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1410"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87693?format=json","purl":"pkg:deb/debian/389-ds-base@2.0.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-4091"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twz6-mtum-qbck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58374?format=json","vulnerability_id":"VCID-u5q1-nkup-f7ga","summary":"slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0741.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0741.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0741","reference_id":"","reference_type":"","scores":[{"value":"0.0402","scoring_system":"epss","scoring_elements":"0.88667","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0741"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1299416","reference_id":"1299416","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1299416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0204","reference_id":"RHSA-2016:0204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0204"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87677?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2016-0741"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5q1-nkup-f7ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58406?format=json","vulnerability_id":"VCID-ud9m-jz3k-bfhm","summary":"A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6237.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6237.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2293579","reference_id":"2293579","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2293579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4997","reference_id":"RHSA-2024:4997","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5192","reference_id":"RHSA-2024:5192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87698?format=json","purl":"pkg:deb/debian/389-ds-base@2.4.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.4.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-6237"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud9m-jz3k-bfhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58371?format=json","vulnerability_id":"VCID-ueg3-4qem-nqgh","summary":"389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \"unhashed\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8112","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54451","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172729","reference_id":"1172729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172729"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909","reference_id":"779909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0416","reference_id":"RHSA-2015:0416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0416"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87674?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.3.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.5-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-8112"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ueg3-4qem-nqgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58398?format=json","vulnerability_id":"VCID-uz8q-6ydj-x3cu","summary":"A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0996.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0996","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40619","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0996"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064769","reference_id":"2064769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5239","reference_id":"RHSA-2022:5239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5620","reference_id":"RHSA-2022:5620","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5823","reference_id":"RHSA-2022:5823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8162","reference_id":"RHSA-2022:8162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8976","reference_id":"RHSA-2022:8976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8976"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87693?format=json","purl":"pkg:deb/debian/389-ds-base@2.0.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2022-0996"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uz8q-6ydj-x3cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7225?format=json","vulnerability_id":"VCID-v1ut-bxzt-kqet","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3652","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30174","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982782","reference_id":"1982782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982782"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405","reference_id":"991405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405"},{"reference_url":"https://security.archlinux.org/ASA-202107-72","reference_id":"ASA-202107-72","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-72"},{"reference_url":"https://security.archlinux.org/AVG-2206","reference_id":"AVG-2206","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3079","reference_id":"RHSA-2021:3079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3807","reference_id":"RHSA-2021:3807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3906","reference_id":"RHSA-2021:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3955","reference_id":"RHSA-2021:3955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3955"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87691?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.17-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.17-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3652"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1ut-bxzt-kqet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58395?format=json","vulnerability_id":"VCID-v94q-q9gt-zkcq","summary":"When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35518","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7442","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905565","reference_id":"1905565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905565"},{"reference_url":"https://security.archlinux.org/AVG-1482","reference_id":"AVG-1482","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0599","reference_id":"RHSA-2021:0599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1086","reference_id":"RHSA-2021:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1243","reference_id":"RHSA-2021:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1258","reference_id":"RHSA-2021:1258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2323","reference_id":"RHSA-2021:2323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2323"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87690?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35518"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v94q-q9gt-zkcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58399?format=json","vulnerability_id":"VCID-vadc-mdbp-q3g9","summary":"An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1949.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1949.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1949","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.6945","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016446","reference_id":"1016446","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016446"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2091781","reference_id":"2091781","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2091781"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87695?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2022-1949"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vadc-mdbp-q3g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58390?format=json","vulnerability_id":"VCID-wvqp-u8kz-8bd4","summary":"A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14648.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14648","reference_id":"","reference_type":"","scores":[{"value":"0.07503","scoring_system":"epss","scoring_elements":"0.91937","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14648"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1630668","reference_id":"1630668","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1630668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3127","reference_id":"RHSA-2018:3127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3507","reference_id":"RHSA-2018:3507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3507"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87687?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.0.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-14648"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvqp-u8kz-8bd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58388?format=json","vulnerability_id":"VCID-xryf-2vae-j7gk","summary":"A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14624.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14624","reference_id":"","reference_type":"","scores":[{"value":"0.01478","scoring_system":"epss","scoring_elements":"0.81314","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619450","reference_id":"1619450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619450"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907778","reference_id":"907778","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2757","reference_id":"RHSA-2018:2757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2757"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87687?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.0.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-14624"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xryf-2vae-j7gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58400?format=json","vulnerability_id":"VCID-xv3p-gza9-4bcg","summary":"A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2850.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2850.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2850","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58075","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2850"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018054","reference_id":"1018054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2118691","reference_id":"2118691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2118691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7087","reference_id":"RHSA-2022:7087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7133","reference_id":"RHSA-2022:7133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8162","reference_id":"RHSA-2022:8162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8680","reference_id":"RHSA-2022:8680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8886","reference_id":"RHSA-2022:8886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8976","reference_id":"RHSA-2022:8976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0479","reference_id":"RHSA-2023:0479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0479"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87692?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87695?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2022-2850"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xv3p-gza9-4bcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58375?format=json","vulnerability_id":"VCID-yrgr-fu6h-ykh9","summary":"389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4992.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4992.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4992","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63701","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4992"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347760","reference_id":"1347760","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347760"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2594","reference_id":"RHSA-2016:2594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2765","reference_id":"RHSA-2016:2765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2765"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87678?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.5.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2016-4992"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrgr-fu6h-ykh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58380?format=json","vulnerability_id":"VCID-ytmc-t4we-y7gr","summary":"389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2591.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2591.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2591","reference_id":"","reference_type":"","scores":[{"value":"0.02774","scoring_system":"epss","scoring_elements":"0.86321","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2591"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381481","reference_id":"1381481","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381481"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851769","reference_id":"851769","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851769"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87681?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.5.15-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.15-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-2591"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytmc-t4we-y7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58378?format=json","vulnerability_id":"VCID-znf9-cydr-nqbm","summary":"A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15134.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15134.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15134","reference_id":"","reference_type":"","scores":[{"value":"0.05689","scoring_system":"epss","scoring_elements":"0.90563","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15134"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531573","reference_id":"1531573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531573"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888452","reference_id":"888452","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0163","reference_id":"RHSA-2018:0163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0163"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87680?format=json","purl":"pkg:deb/debian/389-ds-base@1.3.7.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.7.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-15134"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znf9-cydr-nqbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58387?format=json","vulnerability_id":"VCID-zrba-h7st-jbgz","summary":"A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10935.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10935","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63268","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10935"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1613606","reference_id":"1613606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1613606"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906985","reference_id":"906985","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2757","reference_id":"RHSA-2018:2757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2757"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87685?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.0.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-10935"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrba-h7st-jbgz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}