cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-10224,https://securityvulnerability.io/vulnerability/CVE-2019-10224,,"A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.",Red Hat,389-ds-base,4.3,MEDIUM,0.0013000000035390258,false,false,false,false,,false,false,2019-11-25T00:00:00.000Z,0
CVE-2019-3883,https://securityvulnerability.io/vulnerability/CVE-2019-3883,,"In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer. An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.",Red Hat,389-ds-base,5.3,MEDIUM,0.04633999988436699,false,false,false,false,,false,false,2019-04-17T00:00:00.000Z,0
CVE-2018-10935,https://securityvulnerability.io/vulnerability/CVE-2018-10935,,A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.,Red Hat,389-ds-base,6.5,MEDIUM,0.004459999967366457,false,false,false,false,,false,false,2018-09-11T15:00:00.000Z,0
CVE-2018-1054,https://securityvulnerability.io/vulnerability/CVE-2018-1054,,"An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",Red Hat,389-ds-base,7.5,HIGH,0.010900000110268593,false,false,false,false,,false,false,2018-03-07T13:29:00.000Z,0
CVE-2017-15134,https://securityvulnerability.io/vulnerability/CVE-2017-15134,,"A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",Red Hat,389-ds-base,7.5,HIGH,0.01283000037074089,false,false,false,false,,false,false,2018-03-01T22:29:00.000Z,0
CVE-2017-15135,https://securityvulnerability.io/vulnerability/CVE-2017-15135,,"It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.",Red Hat,389-ds-base,8.1,HIGH,0.005309999920427799,false,false,false,false,,false,false,2018-01-24T15:00:00.000Z,0