389-ds (SUSE:Linux Enterprise High Performance Computing 15-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15-ESPOS package 389-ds, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2021-4091 — CVSS 7.5 (high): A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series…
CVE-2022-0918 — CVSS 7.5 (high): A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to…
CVE-2022-1949 — CVSS 7.5 (high): An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that…
CVE-2021-3652 — CVSS 6.5 (medium): A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being…
CVE-2022-0996 — CVSS 6.5 (medium): A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.