389-ds (SUSE:Linux Enterprise Module for Server Applications 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Server Applications 15 package 389-ds, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2017-15135 — CVSS 8.1 (high): It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly…
CVE-2017-15134 — CVSS 7.5 (high): A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled…
CVE-2018-1054 — CVSS 7.5 (high): An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including…
CVE-2019-3883 — CVSS 7.5 (high): In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most…
CVE-2018-14638 — CVSS 7.5 (high): A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent…
CVE-2018-14648 — CVSS 7.5 (high): A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search()…
CVE-2016-5416 — CVSS 7.5 (high): 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise…
CVE-2018-1089 — CVSS 7.5 (high): 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes…
CVE-2018-14624 — CVSS 7.5 (high): A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not…
CVE-2018-10935 — CVSS 6.5 (medium): A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
CVE-2018-10850 — CVSS 5.9 (medium): 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting…
CVE-2018-10871 — CVSS 3.8 (low): 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica…