| purl | pkg:deb/debian/389-ds-base@1.3.5.17-2 |
| Next non-vulnerable version | 3.1.2+dfsg1-1 |
| Latest non-vulnerable version | 3.1.2+dfsg1-1 |
| Risk | 3.4 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1cnv-xra9-d7fw (Aliases: CVE-2017-15134) | 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c | Affected by 14 other vulnerabilities. |
| VCID-1emx-jre5-v7dm (Aliases: CVE-2018-1089) | 389-ds-base: ns-slapd crash via large filter value in ldapsearch | Affected by 14 other vulnerabilities. |
| VCID-3paj-fqdp-yyg3 (Aliases: CVE-2019-10224) | 389-ds-base: using dscreate in verbose mode results in information disclosure | Affected by 14 other vulnerabilities. |
| VCID-4tdy-umt6-4ubr (Aliases: CVE-2024-2199) | 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c | Affected by 4 other vulnerabilities. |
| VCID-4tn2-her5-6fe1 (Aliases: CVE-2021-3514) | 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() | Affected by 14 other vulnerabilities. |
| VCID-77rw-db6h-hya9 (Aliases: CVE-2022-0918) | 389-ds-base: sending crafted message could result in DoS | Affected by 4 other vulnerabilities. |
| VCID-7teh-3vk4-a7du (Aliases: CVE-2018-14624) | 389-ds-base: Server crash through modify command with large DN | Affected by 14 other vulnerabilities. |
| VCID-f3t3-vxrz-8uew (Aliases: CVE-2018-14638) | 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly | Affected by 14 other vulnerabilities. |
| VCID-gmg8-mepq-87ez (Aliases: CVE-2018-14648) | 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service | Affected by 14 other vulnerabilities. |
| VCID-hjvf-3mm8-xfhq (Aliases: CVE-2021-4091) | 389-ds-base: double free of the virtual attribute context in persistent search | Affected by 4 other vulnerabilities. |
| VCID-hvag-zpvk-vqbw (Aliases: CVE-2018-10935) | 389-ds-base: ldapsearch with server side sort allows users to cause a crash | Affected by 14 other vulnerabilities. |
| VCID-jge6-uqra-yba1 (Aliases: CVE-2017-7551) | 389-ds-base: Password brute-force possible for locked account due to different return codes | Affected by 14 other vulnerabilities. |
| VCID-kkeh-mm7b-quc4 (Aliases: CVE-2018-1054) | 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c | Affected by 14 other vulnerabilities. |
| VCID-knxk-357y-efhh (Aliases: CVE-2021-3652) | 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed | Affected by 4 other vulnerabilities. |
| VCID-pexr-smr8-gbhh (Aliases: CVE-2020-35518) | 389-ds-base: information disclosure during the binding of a DN | Affected by 14 other vulnerabilities. |
| VCID-qkca-awn5-hfas (Aliases: CVE-2024-8445) | 389-ds-base: server crash while modifying `userPassword` using malformed input (Incomplete fix for CVE-2024-2199) | Affected by 4 other vulnerabilities. |
| VCID-qv4g-5kzs-9kfa (Aliases: CVE-2024-3657) | 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request | Affected by 4 other vulnerabilities. |
| VCID-rffx-mwhe-tqe5 (Aliases: CVE-2024-5953) | 389-ds-base: Malformed userPassword hash may cause Denial of Service | Affected by 4 other vulnerabilities. |
| VCID-s9es-be9s-t3h3 (Aliases: CVE-2018-10850) | 389-ds-base: race condition on reference counter leads to DoS using persistent search | Affected by 14 other vulnerabilities. |
| VCID-vu7g-kqpe-83hq (Aliases: CVE-2017-15135) | 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c | Affected by 14 other vulnerabilities. |
| VCID-vx15-pahy-ufbn (Aliases: CVE-2022-2850) | 389-ds-base: SIGSEGV in sync_repl | Affected by 4 other vulnerabilities. |
| VCID-wcyy-45hw-2fc6 (Aliases: CVE-2019-3883) | 389-ds-base: DoS via hanging secured connections | Affected by 14 other vulnerabilities. |
| VCID-x8k9-na1n-8fgj (Aliases: CVE-2022-0996) | 389-ds-base: expired password was still allowed to access the database | Affected by 4 other vulnerabilities. |
| VCID-yaw8-dzr7-hyha (Aliases: CVE-2018-10871) | 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default | Affected by 14 other vulnerabilities. |
| VCID-z7kp-3dwk-wkgr (Aliases: CVE-2019-14824) | 389-ds-base: Read permission check bypass via the deref plugin | Affected by 14 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-34te-4xhe-17h2 | 389-ds-base: worker threads do not detect abnormally closed connections causing DoS | CVE-2016-0741 |
| VCID-ewv4-4dk9-8bew | 389-ds-base: Password verification vulnerable to timing attack | CVE-2016-5405 |
| VCID-gmpt-rg5q-n3dk | 389-ds-base: nsSSL3Ciphers preference not enforced server side (regression) | CVE-2015-3230 |
| VCID-n9jd-zew1-77d7 | 389-ds-base: Heap buffer overflow in uiduniq.c | CVE-2017-2591 |
| VCID-wk61-n55m-j3fg | 389-ds-base: Remote crash via crafted LDAP messages | CVE-2017-2668 |
| VCID-wqg4-uer5-u3fd | 389-ds-base: Information disclosure via repeated use of LDAP ADD operation | CVE-2016-4992 |
| VCID-xq1g-upbu-x7dp | 389-ds-base: access control bypass with modrdn | CVE-2015-1854 |