VYPR

rpm package

suse/389-ds&distro=SUSE Linux Enterprise Server 15 SP1-LTSS

pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Vulnerabilities (5)

  • CVE-2022-1949, Jun 1, 2022
    affected < 1.4.2.16~git68.efa843752-150100.7.34.1, fixed 1.4.2.16~git68.efa843752-150100.7.34.1

    An access control bypass vulnerability was found in 389-ds-base. The issue was a mishandling of the filter that would yield incorrect results, but as analysis progressed it was determined to actually be an access control bypass. This may allow any remote unauthenticated user to issue a fi

  • CVE-2021-3652, Apr 18, 2022
    affected < 1.4.2.16~git68.efa843752-150100.7.34.1, fixed 1.4.2.16~git68.efa843752-150100.7.34.1

    A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whos

  • CVE-2022-0996, Mar 23, 2022
    affected < 1.4.2.16~git68.efa843752-150100.7.34.1, fixed 1.4.2.16~git68.efa843752-150100.7.34.1

    A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

  • CVE-2022-0918, Mar 16, 2022
    affected < 1.4.2.16~git68.efa843752-150100.7.34.1, fixed 1.4.2.16~git68.efa843752-150100.7.34.1

    A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication

  • CVE-2021-4091, Feb 18, 2022
    affected < 1.4.2.16~git68.efa843752-150100.7.34.1, fixed 1.4.2.16~git68.efa843752-150100.7.34.1

    A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.