CVE-2022-2850
- EPSS 0.27%
- Published 14.10.2022 18:15:14
- Last modified 15.05.2025 15:15:53
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. ...
CVE-2021-3652
- EPSS 0.17%
- Published 18.04.2022 17:15:15
- Last modified 21.11.2024 06:22:04
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successful...
CVE-2022-0918
- EPSS 5.73%
- Published 16.03.2022 15:15:16
- Last modified 13.02.2025 17:15:35
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, n...
CVE-2021-4091
- EPSS 0.18%
- Published 18.02.2022 18:15:10
- Last modified 21.11.2024 06:36:53
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.