Page 2 of 40 results (0.011 seconds)

CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 0

A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. Se ha descubierto un problema en 389 Directory Server. Una cadena de consulta especialmente manipulada podría conducir a un consumo de CPU excesivo en la función do_search(). • https://access.redhat.com/errata/RHSA-2018:3127 https://access.redhat.com/errata/RHSA-2018:3507 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648 https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html https://access.redhat.com/security/cve/CVE-2018-14648 https://bugzilla.redhat.com/show_bug.cgi?id=1630668 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. Se ha descubierto un problema en versiones anteriores a la 1.3.8.4-13 de 389-ds-base. El proceso ns-slapd se cierra inesperadamente en la función delete_passwdPolicy cuando las conexiones de búsqueda persistente se terminan inesperadamente, lo que conduce a una denegación de servicio (DoS) remota. A double-free of a password policy structure was found in the way slapd was handling certain errors during persistent search. • https://access.redhat.com/errata/RHSA-2018:2757 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638 https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 https://access.redhat.com/security/cve/CVE-2018-14638 https://bugzilla.redhat.com/show_bug.cgi?id=1626079 • CWE-400: Uncontrolled Resource Consumption CWE-415: Double Free •

CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. Se ha detectado un error en 389 Directory Server que permite que los usuarios provoquen el cierre inesperado del servidor LDAP mediante el uso de ldapsearch con orden del lado del servidor. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html https://access.redhat.com/errata/RHSA-2018:2757 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10935 https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html https://access.redhat.com/security/cve/CVE-2018-10935 https://bugzilla.redhat.com/show_bug.cgi?id=1613606 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 2

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. Se ha descubierto una vulnerabilidad en 389-ds-base hasta las versiones 1.3.7.10, 1.3.8.8 y 1.4.0.16. El bloqueo que controla el registro de errores no se empleaba correctamente al reabrir el archivo de registro en log__error_emergency(). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html https://access.redhat.com/errata/RHSA-2018:2757 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624 https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html https://pagure.io/389-ds-base/issue/49937 https://access.redhat.com/security/cve/CVE-2018-14624 https://bugzilla.redhat.com/show_bug.cgi?id=1619450 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords. 389-ds-base en versiones anteriores a la 1.3.8.5 y 1.4.0.12 es vulnerable al almacenamiento en texto claro de información sensible. Por defecto, cuando los plugins Replica y/o retroChangeLog están habilitados, 389-ds-base almacena contraseñas en formato de texto plano en sus respectivos archivos changelog. Un atacante con los suficientes privilegios elevados, como root o Directory Manager, puede consultar esos archivos para recuperar contraseñas en texto plano. • https://access.redhat.com/errata/RHSA-2019:3401 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871 https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html https://pagure.io/389-ds-base/issue/49789 https://access.redhat.com/security/cve/CVE-2018-10871 https://bugzilla.redhat.com/show_bug.cgi?id=1591480 • CWE-312: Cleartext Storage of Sensitive Information •