|Max CVSS||7.8||Min CVSS||2.1||Total Count||21|
|ID||CVSS||Summary||Last (major) update||Published|
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
|28-09-2018 - 09:29||28-09-2018 - 09:29|
A flaw was found in 389-ds-base before version 22.214.171.124-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
|14-09-2018 - 15:29||14-09-2018 - 15:29|
389-ds-base before versions 126.96.36.199 and 188.8.131.52 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bin
|22-06-2018 - 09:29||22-06-2018 - 09:29|
389-ds-base before versions 184.108.40.206, 220.127.116.11, 18.104.22.168 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-sl
|09-05-2018 - 11:29||09-05-2018 - 11:29|
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially
|07-03-2018 - 08:29||07-03-2018 - 08:29|
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 22.214.171.124, 1.3.7.x before 126.96.36.199, 1.4.x before 188.8.131.52 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-sla
|01-03-2018 - 17:29||01-03-2018 - 17:29|
389 Directory Server before 184.108.40.206 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
|19-09-2017 - 11:29||19-09-2017 - 11:29|
389-ds-base version before 220.127.116.11 and 18.104.22.168 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
|16-08-2017 - 14:29||16-08-2017 - 14:29|
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the
|08-06-2017 - 15:29||08-06-2017 - 15:29|
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 22.214.171.124 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
|11-10-2016 - 22:01||19-04-2016 - 17:59|
389 Directory Server 1.3.1.x, 1.3.2.x before 126.96.36.199, and 1.3.3.x before 188.8.131.52 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re
|30-06-2016 - 12:55||10-03-2015 - 10:59|
389 Directory Server before 184.108.40.206 and 1.3.3.x before 220.127.116.11 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
|30-06-2016 - 12:53||10-03-2015 - 10:59|
The SASL authentication functionality in 389 Directory Server before 18.104.22.168 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
|19-03-2014 - 10:12||18-03-2014 - 13:02|
389 Directory Server 22.214.171.124 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
|27-02-2014 - 18:18||23-11-2013 - 06:55|
389 Directory Server before 126.96.36.199 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated us
|05-12-2013 - 00:14||03-07-2012 - 12:40|
ns-slapd in 389 Directory Server before 188.8.131.52 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
|11-09-2013 - 10:13||10-09-2013 - 15:55|
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
|31-07-2013 - 00:00||31-07-2013 - 09:20|
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 184.108.40.206 and 1.3.x before 220.127.116.11 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the
|14-05-2013 - 00:00||13-05-2013 - 19:55|
389 Directory Server before 18.104.22.168 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
|19-03-2013 - 00:00||13-03-2013 - 16:55|
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
|07-03-2013 - 23:09||30-09-2012 - 23:26|
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with
|17-07-2012 - 00:00||03-07-2012 - 12:40|