VYPR

rpm package

opensuse/389-ds&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/389-ds&distro=openSUSE%20Tumbleweed

Vulnerabilities (26)

  • CVE-2017-15134 | Mar 1, 2018
    affected < 2.0.10~git0.21dd2802c-1.1 | fixed 2.0.10~git0.21dd2802c-1.1

    A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially craft

  • CVE-2015-1854 | High | Sep 19, 2017
    affected < 1.3.4.14-1.2 | fixed 1.3.4.14-1.2

    389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

  • CVE-2016-4992 | High | Jun 8, 2017
    affected < 2.0.10~git0.21dd2802c-1.1 | fixed 2.0.10~git0.21dd2802c-1.1

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component o

  • CVE-2015-3230 | Oct 29, 2015
    affected < 1.3.4.14-1.2 | fixed 1.3.4.14-1.2

    389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.

  • CVE-2014-8112 | Mar 10, 2015
    affected < 1.3.4.14-1.2 | fixed 1.3.4.14-1.2

    389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.

  • CVE-2014-8105 | Mar 10, 2015
    affected < 1.3.4.14-1.2 | fixed 1.3.4.14-1.2

    389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

Page 2 of 2