Port389

389-ds-base

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-2850

Exploit
  • EPSS 0.29%
  • Veröffentlicht 14.10.2022 18:15:14
  • Zuletzt bearbeitet 03.11.2025 21:15:52

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. ...

6.5

CVE-2021-3652

  • EPSS 0.18%
  • Veröffentlicht 18.04.2022 17:15:15
  • Zuletzt bearbeitet 03.11.2025 21:15:42

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successful...

7.5

CVE-2022-0918

  • EPSS 7.13%
  • Veröffentlicht 16.03.2022 15:15:16
  • Zuletzt bearbeitet 03.11.2025 21:15:50

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, n...

7.5

CVE-2021-4091

  • EPSS 0.24%
  • Veröffentlicht 18.02.2022 18:15:10
  • Zuletzt bearbeitet 03.11.2025 21:15:47

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.