CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0996 – 389-ds-base: expired password was still allowed to access the database
https://notcve.org/view.php?id=CVE-2022-0996
23 Mar 2022 — A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Se encontró una vulnerabilidad en 389 Directory Server que permite que las contraseñas caducadas accedan a la base de datos para causar una autenticación inapropiada A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication. 389 Directory Server is an LDAP version 3 compliant serve... • https://bugzilla.redhat.com/show_bug.cgi?id=2064769 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 1%CPEs: 6EXPL: 0CVE-2020-35518 – 389-ds-base: information disclosure during the binding of a DN
https://notcve.org/view.php?id=CVE-2020-35518
16 Feb 2021 — When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. Cuando se vincula con un DN durante la autenticación, la respuesta de 389-ds-base será diferente si el DN se presenta o no. Esto puede ser usado por un atacante no autenticado para comprobar la existencia de una entrada en la base de datos de LDAP. Red Hat Directory Server is an LDA... • https://bugzilla.redhat.com/show_bug.cgi?id=1905565 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3282
https://notcve.org/view.php?id=CVE-2010-3282
09 Jan 2020 — 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. 389 Directory Server versiones anteriores a 1.2.7.1 (también se conoce como Red Hat Directory Server versión 8.2) y HP-UX Directory Server versiones anteriores a B.08.10.03, cu... • http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10224 – 389-ds-base: using dscreate in verbose mode results in information disclosure
https://notcve.org/view.php?id=CVE-2019-10224
06 Nov 2019 — A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information. Se ha encontrado un fallo en 389-ds-base versiones 1.4.x.x anteriores a 1.4.1.3. Cuando se ejecuta en modo verbose, los comandos dscreate y dsconf pueden mostrar informac... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10171 – 389-ds-base: Insufficient fix for CVE-2018-14648 denial of service in RHEL-7.5
https://notcve.org/view.php?id=CVE-2019-10171
16 Jul 2019 — It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. Se detectó que la corrección para el CVE-2018-14648 en 389-ds-base, versiones 1.4.0.x anteriores a 1.4.0.17, se aplicó incorrectamente en RHEL versión 7.5. Un atacante podría aún ser capaz de provocar un consumo excesivo de CPU conllevando a una denegación de servicio. It was fo... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3883 – 389-ds-base: DoS via hanging secured connections
https://notcve.org/view.php?id=CVE-2019-3883
17 Apr 2019 — In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. En 389-ds-base hasta la versión 1.4.1.2, las peticiones so... • https://access.redhat.com/errata/RHSA-2019:1896 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 10%CPEs: 3EXPL: 0CVE-2018-14648 – 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-14648
28 Sep 2018 — A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. Se ha descubierto un problema en 389 Directory Server. Una cadena de consulta especialmente manipulada podría conducir a un consumo de CPU excesivo en la función do_search(). • https://access.redhat.com/errata/RHSA-2018:3127 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-14638 – 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly
https://notcve.org/view.php?id=CVE-2018-14638
14 Sep 2018 — A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. Se ha descubierto un problema en versiones anteriores a la 1.3.8.4-13 de 389-ds-base. El proceso ns-slapd se cierra inesperadamente en la función delete_passwdPolicy cuando las conexiones de búsqueda persistente se terminan inesperadamente, lo que conduce a una denegación de servicio (DoS) r... • https://access.redhat.com/errata/RHSA-2018:2757 • CWE-400: Uncontrolled Resource Consumption CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10935 – 389-ds-base: ldapsearch with server side sort allows users to cause a crash
https://notcve.org/view.php?id=CVE-2018-10935
11 Sep 2018 — A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. Se ha detectado un error en 389 Directory Server que permite que los usuarios provoquen el cierre inesperado del servidor LDAP mediante el uso de ldapsearch con orden del lado del servidor. 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administra... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 2CVE-2018-14624 – 389-ds-base: Server crash through modify command with large DN
https://notcve.org/view.php?id=CVE-2018-14624
06 Sep 2018 — A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. Se ha descubierto una vulnerabilidad en 389-ds-base hasta las versiones 1.3.7.10, 1.3.8.8 y 1.4.0.16. El bloqueo que controla el registro de errores no se empleaba correctamente al reabrir el archivo d... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html • CWE-20: Improper Input Validation •