Search for packages
| purl | pkg:deb/debian/389-ds-base@1.4.4.11-2 |
| Next non-vulnerable version | 3.1.2+dfsg1-1 |
| Latest non-vulnerable version | 3.1.2+dfsg1-1 |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4tdy-umt6-4ubr
Aliases: CVE-2024-2199 |
389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c |
Affected by 4 other vulnerabilities. |
|
VCID-63rm-mq1r-5fbz
Aliases: CVE-2022-1949 |
389-ds-base: access control bypass by query (filter in LDAP terms) optimiser |
Affected by 4 other vulnerabilities. |
|
VCID-6f2q-qatg-kucr
Aliases: CVE-2024-6237 |
389-ds-base: unauthenticated user can trigger a DoS by sending a specific extended search request |
Affected by 0 other vulnerabilities. |
|
VCID-77rw-db6h-hya9
Aliases: CVE-2022-0918 |
389-ds-base: sending crafted message could result in DoS |
Affected by 4 other vulnerabilities. |
|
VCID-bpw5-xeju-93f3
Aliases: CVE-2023-1055 |
RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute |
Affected by 0 other vulnerabilities. |
|
VCID-hjvf-3mm8-xfhq
Aliases: CVE-2021-4091 |
389-ds-base: double free of the virtual attribute context in persistent search |
Affected by 4 other vulnerabilities. |
|
VCID-kbvd-dfmn-buat
Aliases: CVE-2024-1062 |
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) |
Affected by 0 other vulnerabilities. |
|
VCID-knxk-357y-efhh
Aliases: CVE-2021-3652 |
389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed |
Affected by 4 other vulnerabilities. |
|
VCID-qkca-awn5-hfas
Aliases: CVE-2024-8445 |
389-ds-base: server crash while modifying `userPassword` using malformed input (Incomplete fix for CVE-2024-2199) |
Affected by 4 other vulnerabilities. |
|
VCID-qv4g-5kzs-9kfa
Aliases: CVE-2024-3657 |
389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request |
Affected by 4 other vulnerabilities. |
|
VCID-rffx-mwhe-tqe5
Aliases: CVE-2024-5953 |
389-ds-base: Malformed userPassword hash may cause Denial of Service |
Affected by 4 other vulnerabilities. |
|
VCID-vx15-pahy-ufbn
Aliases: CVE-2022-2850 |
389-ds-base: SIGSEGV in sync_repl |
Affected by 4 other vulnerabilities. |
|
VCID-x8k9-na1n-8fgj
Aliases: CVE-2022-0996 |
389-ds-base: expired password was still allowed to access the database |
Affected by 4 other vulnerabilities. |
|
VCID-xs3r-chc9-27dr
Aliases: CVE-2025-2487 |
389-ds-base: null pointer dereference leads to denial of service |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3paj-fqdp-yyg3 | 389-ds-base: using dscreate in verbose mode results in information disclosure |
CVE-2019-10224
|
| VCID-4tn2-her5-6fe1 | 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() |
CVE-2021-3514
|
| VCID-pexr-smr8-gbhh | 389-ds-base: information disclosure during the binding of a DN |
CVE-2020-35518
|
| VCID-wcyy-45hw-2fc6 | 389-ds-base: DoS via hanging secured connections |
CVE-2019-3883
|
| VCID-z7kp-3dwk-wkgr | 389-ds-base: Read permission check bypass via the deref plugin |
CVE-2019-14824
|