ALSA-2024:3837 Important: 389-ds-base security update
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fixes: 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ...
Important: Red Hat Security Advisory: 389-ds-base security update
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
Oracle Linux 7 : 389-ds-base (ELSA-2024-3591)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3591 advisory. 1.3.11.1-5 - Bump version to 1.3.11.1-5 - Resolves: RHEL-33337 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos...
389-ds-base security update
1.3.11.1-5 - Bump version to 1.3.11.1-5 - Resolves: RHEL-33337 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request - Resolves: RHEL-34817 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c...
SUSE CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
UBUNTU-CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2024-2199 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2024-2199 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet...
Information Exposure
389-ds-base is vulnerable to Information Exposure. The vulnerability is due to LDAP mistakenly decoding the userPassword attribute instead of the userCertificate attribute, potentially leading to the leakage of sensitive information. An attacker with local access to a system running cockpit-389-d...
Free Hospital Management System for Small Practices SQL Injection Vulnerability
Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. An SQL injection vulnerability exists in Free Hospital Management System for Small Practices version 1.0, which stems from the fact th...
Fedora 38 : 389-ds-base (2023-c92be0dfa0)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c92be0dfa0 advisory. Bump version to 2.3.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Information Disclosure
389-ds-base is vulnerable to Information Disclosure. The mishandling of a filter may lead to an access control bypass, allowing remote unauthenticated users to search for database items they do not have access to, such as userPassword hashes and other sensitive data...
CVE-2023-1055
A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes...
UBUNTU-CVE-2023-1055
A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes...