Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 53 results


CVE-2024-8445

Medium priority
Needs evaluation

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-6237

Medium priority
Needs evaluation

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-5953

Medium priority
Needs evaluation

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-3657

Medium priority
Needs evaluation

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-2199

Medium priority
Needs evaluation

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-1062

Medium priority
Needs evaluation

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-1055

Medium priority
Needs evaluation

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local...

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-2850

Medium priority
Needs evaluation

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a...

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-1949

Medium priority
Needs evaluation

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may...

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-3652

Low priority
Not affected

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an...

1 affected packages

389-ds-base

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
389-ds-base Not affected Not affected Not affected Not affected
Show less packages