389-ds-base - Arch Linux
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2206 | 2.0.3-2 | Medium | Vulnerable | ||
| AVG-1887 | 2.0.3-2 | Low | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3652 | AVG-2206 | Medium | Yes | Authentication bypass | In 389-ds-base, it was found that if an asterisk is imported as a password hashes, either accidentally or maliciously, then instead of being inactive, any... |
| CVE-2021-3514 | AVG-1887 | Low | Yes | Denial of service | A security issue was found in 389-ds-base. When using a sync_repl client, an authenticated attacker can cause a NULL pointer dereference using a specially... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1482 | 1.4.4.4-5 | 2.0.2-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-35518 | AVG-1482 | Medium | Yes | Information disclosure | A security issue was found in 389-ds-base starting from version 1.4.2.3. When binding against a DN during authentication, the reply from 389-ds-base will be... |