38 matches found
EUVD-2022-35084
Malicious code in bioql PyPI...
Alibaba Cloud Linux 3 : 0045: 389-ds:1.4 (ALINUX3-SA-2021:0045)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0045 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3514: When using a syncrepl client in...
RHEL 8 : redhat-ds:11.3 (RHSA-2022:0952)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0952 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol...
RHEL 8 : redhat-ds:11 (RHSA-2021:3955)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3955 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : 389 Directory Server vulnerabilities (USN-5231-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5231-1 advisory. It was discovered that 389 Directory Server presented to users, during authentication, an error message which could be used to...
Debian dla-3399 : 389-ds - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3399 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3399-1 [email protected]...
[SECURITY] [DLA 3399-1] 389-ds-base security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3399-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky April 24, 2023 https://wiki.debian.org/LTS -...
Ubuntu: Security Advisory (USN-5231-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : 389-ds-base (ALAS-2022-1879)
The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1879 advisory. A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL...
AlmaLinux 8 : 389-ds:1.4 (ALSA-2022:7133)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7133 advisory. 389-ds-base: SIGSEGV in syncrepl CVE-2022-2850 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessu...
Oracle Linux 8 : 389-ds:1.4 (ELSA-2022-7133)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7133 advisory. 1.4.3.28-8 - Bump version to 1.4.3.28-8 - Resolves: Bug 2131743 - SIGSEGV in syncrepl Tenable has extracted the preceding description block directly from the...
CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...
Null pointer dereference
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...
CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...
CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...
USN-5231-1: 389 Directory Server vulnerabilities
It was discovered that 389 Directory Server presented to users, during authentication, an error message which could be used to discover if a certain LDAP DN existed or not. A remote unauthenticated attacker could possibly use this to check the existence of an entry in a LDAP database and expose...
Moderate: Red Hat Security Advisory: redhat-ds:11.3 security and bug fix update
An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Rocky Linux 8 : 389-ds:1.4 (RLSA-2021:2595)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2595 advisory. - When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...
[ASA-202107-72] 389-ds-base: multiple issues
Arch Linux Security Advisory ASA-202107-72 ========================================== Severity: Medium Date : 2021-07-27 CVE-ID : CVE-2021-3514 CVE-2021-3652 Package : 389-ds-base Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2206 Summary ======= The package...
Moderate: Red Hat Security Advisory: 389-ds:1.4 security update
An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...