High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-02	CVE-2019-10171	Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. network low complexity fedoraproject redhat CWE-770	7.5
2019-04-17	CVE-2019-3883	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. network low complexity fedoraproject debian redhat CWE-772	7.5
2018-09-28	CVE-2018-14648	Resource Exhaustion vulnerability in multiple products A flaw was found in 389 Directory Server. network low complexity fedoraproject redhat debian CWE-400	7.5
2018-09-14	CVE-2018-14638	Double Free vulnerability in multiple products A flaw was found in 389-ds-base before version 1.3.8.4-13. network low complexity fedoraproject redhat CWE-415	7.5
2018-09-06	CVE-2018-14624	A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. network low complexity fedoraproject redhat debian	7.5
2018-07-18	CVE-2018-10871	Cleartext Storage of Sensitive Information vulnerability in multiple products 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. network low complexity fedoraproject debian CWE-312	7.2
2018-05-09	CVE-2018-1089	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. network low complexity fedoraproject redhat debian CWE-119	7.5
2018-04-30	CVE-2017-2591	Out-of-bounds Read vulnerability in multiple products 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. network low complexity fedoraproject redhat CWE-125	7.5
2018-03-07	CVE-2018-1054	Out-of-bounds Read vulnerability in multiple products An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. network low complexity fedoraproject redhat CWE-125	7.5
2018-03-01	CVE-2017-15134	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. network low complexity fedoraproject redhat CWE-119	7.5