Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2018-10871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog...

7.2CVSS6.8AI score0.01005EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.30 views

RHEL 7 : 389-ds-base (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default CVE-2018-10871 Note tha...

7.2CVSS7.9AI score0.01005EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.35 views

Oracle Linux 8 : 389-ds:1.4 (ELSA-2019-3401)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3401 advisory. - In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout'...

7.5CVSS6.2AI score0.08426EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.37 views

Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2019-2127)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.8AI score0.01005EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/19 12:0 a.m.41 views

EulerOS 2.0 SP3 : 389-ds-base (EulerOS-SA-2019-2554)

According to the version of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/...

7.2CVSS6.5AI score0.01005EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/11/06 12:0 a.m.38 views

RHEL 8 : 389-ds:1.4 (RHSA-2019:3401)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3401 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP...

7.5CVSS6.6AI score0.08426EPSS
Exploits0References23
RedHat Linux
RedHat Linux
added 2019/11/05 9:17 p.m.49 views

Important: Red Hat Security Advisory: 389-ds:1.4 security, bug fix, and enhancement update

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.5AI score0.08426EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2019/08/20 12:0 a.m.25 views

SUSE SLED15 / SLES15 Security Update : 389-ds (SUSE-SU-2019:2155-1)

This update for 389-ds to version 1.4.0.26 fixes the following issues : Security issues fixed : CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI bsc991201. CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF8...

7.8CVSS6.7AI score0.08426EPSS
Exploits0References27
Oracle linux
Oracle linux
added 2018/11/05 12:0 a.m.512 views

389-ds-base security, bug fix, and enhancement update

1.3.8.4-15 - Bump version to 1.3.8.4-15 - Resolves: Bug 1624004 - Fix regression in last patch 1.3.8.4-14 - Bump version to 1.3.8.4-14 - Resolves: Bug 1624004 - potential denial of service attack 1.3.8.4-13 - Bump version to 1.3.8.4-13 - Resolves: Bug 1623949 - Crash in deletepasswdPolicy when...

7.8CVSS0.5AI score0.06238EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/09/02 12:0 a.m.35 views

Debian: Security Advisory (DLA-1483-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7.2AI score0.01847EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/08/31 12:0 a.m.38 views

Debian DLA-1483-1 : 389-ds-base security update

CVE-2018-10871 By default nsslapd-unhashed-pw-switch was set to 'on'. So a copy of the unhashed password was kept in modifiers and was possibly logged in changelog and retroCL. Unless it is used by some plugin it does not require to keep unhashed passwords. The nsslapd-unhashed-pw-switch option i...

7.2CVSS6.4AI score0.01847EPSS
Exploits0References4
Debian
Debian
added 2018/08/30 7:44 p.m.29 views

[SECURITY] [DLA 1483-1] 389-ds-base security update

Package : 389-ds-base Version : 1.3.3.5-4+deb8u2 CVE ID : CVE-2018-10871 CVE-2018-10935 Debian Bug : 906985 CVE-2018-10871 By default nsslapd-unhashed-pw-switch was set to on. So a copy of the unhashed password was kept in modifiers and was possibly logged in changelog and retroCL. Unless it is...

7.2CVSS6.7AI score0.01847EPSS
Exploits0
NVD
NVD
added 2018/07/18 1:29 p.m.26 views

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

7.2CVSS5.3AI score0.01005EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/07/18 1:29 p.m.44 views

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

7.2CVSS6.7AI score0.01005EPSS
Exploits0References2
OSV
OSV
added 2018/07/18 1:29 p.m.7 views

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

7.2CVSS7AI score0.01005EPSS
Exploits0References4
CVE
CVE
added 2018/07/18 1:0 p.m.117 views

CVE-2018-10871

CVE-2018-10871 affects 389-ds-base prior to versions 1.3.8.5 and 1.4.0.12. When Replica and/or retroChangeLog plugins are enabled, the service stores passwords in plaintext in changelog files. An attacker with high privileges (e.g., root or Directory Manager) can read these files to obtain plaint...

7.2CVSS6.3AI score0.01005EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2018/07/18 1:0 p.m.22 views

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

3.8CVSS6.5AI score0.01005EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2018/07/18 1:0 p.m.36 views

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

7.2CVSS6.2AI score0.01005EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/06/27 4:18 p.m.38 views

CVE-2018-10871

By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext...

7.2CVSS0.9AI score0.01005EPSS
Exploits0References2
Rows per page
Query Builder