rpm package
opensuse/389-ds&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-10935 | — | < 1.4.0.3-lp150.3.3.1 | 1.4.0.3-lp150.3.3.1 | Sep 11, 2018 | A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. | ||
| CVE-2018-14624 | — | < 1.4.0.3-lp150.3.3.1 | 1.4.0.3-lp150.3.3.1 | Sep 6, 2018 | A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, whi | ||
| CVE-2018-10850 | — | < 1.4.0.3-lp150.3.3.1 | 1.4.0.3-lp150.3.3.1 | Jun 13, 2018 | 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. | ||
| CVE-2017-15134 | — | < 1.4.0.3-lp150.3.3.1 | 1.4.0.3-lp150.3.3.1 | Mar 1, 2018 | A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially craft | ||
| CVE-2017-15135 | — | < 1.4.0.3-lp150.3.3.1 | 1.4.0.3-lp150.3.3.1 | Jan 24, 2018 | It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process u |
- CVE-2018-10935Sep 11, 2018affected < 1.4.0.3-lp150.3.3.1fixed 1.4.0.3-lp150.3.3.1
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
- CVE-2018-14624Sep 6, 2018affected < 1.4.0.3-lp150.3.3.1fixed 1.4.0.3-lp150.3.3.1
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, whi
- CVE-2018-10850Jun 13, 2018affected < 1.4.0.3-lp150.3.3.1fixed 1.4.0.3-lp150.3.3.1
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
- CVE-2017-15134Mar 1, 2018affected < 1.4.0.3-lp150.3.3.1fixed 1.4.0.3-lp150.3.3.1
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially craft
- CVE-2017-15135Jan 24, 2018affected < 1.4.0.3-lp150.3.3.1fixed 1.4.0.3-lp150.3.3.1
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process u