VYPR

389 Directory Server

by Fedoraproject

CVEs (26)

  • CVE-2017-7551CriAug 16, 2017
    risk 0.64cvss 9.8epss 0.01

    389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

  • CVE-2015-1854HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.02

    389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

  • CVE-2016-0741HigApr 19, 2016
    risk 0.49cvss 7.5epss 0.04

    slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.

  • CVE-2024-6237Jul 9, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

  • CVE-2022-0996Mar 23, 2022
    risk 0.00cvss epss 0.02

    A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

  • CVE-2021-4091Feb 18, 2022
    risk 0.00cvss epss 0.02

    A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.

  • CVE-2010-2222Nov 5, 2019
    risk 0.00cvss epss 0.01

    The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.

  • CVE-2015-3230Oct 29, 2015
    risk 0.00cvss epss 0.03

    389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.

  • CVE-2014-8112Mar 10, 2015
    risk 0.00cvss epss 0.02

    389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.

  • CVE-2014-8105Mar 10, 2015
    risk 0.00cvss epss 0.02

    389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

  • CVE-2014-3562Aug 21, 2014
    risk 0.00cvss epss 0.02

    Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

  • CVE-2014-0132Mar 18, 2014
    risk 0.00cvss epss 0.02

    The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

  • CVE-2013-4485Nov 23, 2013
    risk 0.00cvss epss 0.02

    389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

  • CVE-2013-4283Sep 10, 2013
    risk 0.00cvss epss 0.02

    ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

  • CVE-2013-2219Jul 31, 2013
    risk 0.00cvss epss 0.02

    The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

  • CVE-2013-1897May 13, 2013
    risk 0.00cvss epss 0.02

    The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used,…

  • CVE-2013-0312Mar 13, 2013
    risk 0.00cvss epss 0.03

    389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.

  • CVE-2012-4450Oct 1, 2012
    risk 0.00cvss epss 0.02

    389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

  • CVE-2012-2746Jul 3, 2012
    risk 0.00cvss epss 0.01

    389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

  • CVE-2012-2678Jul 3, 2012
    risk 0.00cvss epss 0.01

    389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

Page 1 of 2