|Max CVSS||7.8||Min CVSS||2.1||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
|04-12-2020 - 18:15||08-11-2019 - 15:15|
In 389-ds-base up to version 22.214.171.124, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are
|13-11-2020 - 16:15||17-04-2019 - 14:29|
389-ds-base before versions 126.96.36.199, 188.8.131.52, 184.108.40.206 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-sl
|09-10-2019 - 23:38||09-05-2018 - 15:29|
A flaw was found in 389-ds-base before version 220.127.116.11-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
|09-10-2019 - 23:35||14-09-2018 - 19:29|
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
|09-10-2019 - 23:35||28-09-2018 - 13:29|
389-ds-base before versions 18.104.22.168 and 22.214.171.124 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bin
|09-10-2019 - 23:27||22-06-2018 - 13:29|
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 126.96.36.199, 1.3.7.x before 188.8.131.52, 1.4.x before 184.108.40.206 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-sla
|15-05-2019 - 21:29||01-03-2018 - 22:29|
389 Directory Server 220.127.116.11 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
|22-04-2019 - 17:48||23-11-2013 - 11:55|
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
|22-04-2019 - 17:48||21-08-2014 - 14:55|
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the
|16-04-2019 - 20:30||08-06-2017 - 19:29|
389 Directory Server before 18.104.22.168 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
|16-04-2019 - 20:11||19-09-2017 - 15:29|
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially
|17-07-2018 - 01:29||07-03-2018 - 13:29|
389-ds-base version before 22.214.171.124 and 126.96.36.199 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
|05-01-2018 - 02:31||16-08-2017 - 18:29|
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
|18-11-2017 - 02:29||31-07-2013 - 13:20|
389 Directory Server before 188.8.131.52 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated us
|19-09-2017 - 01:34||03-07-2012 - 16:40|
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 184.108.40.206 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
|12-10-2016 - 02:01||19-04-2016 - 21:59|
389 Directory Server 1.3.1.x, 1.3.2.x before 220.127.116.11, and 1.3.3.x before 18.104.22.168 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re
|30-06-2016 - 16:55||10-03-2015 - 14:59|
389 Directory Server before 22.214.171.124 and 1.3.3.x before 126.96.36.199 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
|30-06-2016 - 16:53||10-03-2015 - 14:59|
389 Directory Server (formerly Fedora Directory Server) before 188.8.131.52 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
|30-10-2015 - 19:57||29-10-2015 - 20:59|
The SASL authentication functionality in 389 Directory Server before 184.108.40.206 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
|19-03-2014 - 14:12||18-03-2014 - 17:02|
ns-slapd in 389 Directory Server before 220.127.116.11 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
|11-09-2013 - 14:13||10-09-2013 - 19:55|
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 18.104.22.168 and 1.3.x before 22.214.171.124 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the
|14-05-2013 - 04:00||13-05-2013 - 23:55|
389 Directory Server before 126.96.36.199 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
|19-03-2013 - 04:00||13-03-2013 - 20:55|
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
|08-03-2013 - 04:09||01-10-2012 - 03:26|
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with
|17-07-2012 - 04:00||03-07-2012 - 16:40|