Max CVSS | 7.8 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-3883 | 5.0 |
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are
|
24-04-2023 - 09:15 | 17-04-2019 - 14:29 | |
CVE-2019-14824 | 3.5 |
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
|
24-04-2023 - 09:15 | 08-11-2019 - 15:15 | |
CVE-2015-3230 | 7.5 |
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
|
13-02-2023 - 00:48 | 29-10-2015 - 20:59 | |
CVE-2015-1854 | 5.0 |
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
|
13-02-2023 - 00:47 | 19-09-2017 - 15:29 | |
CVE-2014-8105 | 5.0 |
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
|
13-02-2023 - 00:42 | 10-03-2015 - 14:59 | |
CVE-2014-8112 | 4.0 |
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re
|
13-02-2023 - 00:42 | 10-03-2015 - 14:59 | |
CVE-2014-3562 | 5.0 |
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
|
13-02-2023 - 00:40 | 21-08-2014 - 14:55 | |
CVE-2014-0132 | 6.5 |
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
|
13-02-2023 - 00:32 | 18-03-2014 - 17:02 | |
CVE-2017-7551 | 5.0 |
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
|
12-02-2023 - 23:31 | 16-08-2017 - 18:29 | |
CVE-2016-5416 | 5.0 |
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the
|
12-02-2023 - 23:24 | 08-06-2017 - 19:29 | |
CVE-2018-1089 | 5.0 |
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-sl
|
09-10-2019 - 23:38 | 09-05-2018 - 15:29 | |
CVE-2018-14638 | 5.0 |
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
|
09-10-2019 - 23:35 | 14-09-2018 - 19:29 | |
CVE-2018-14648 | 7.8 |
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
|
09-10-2019 - 23:35 | 28-09-2018 - 13:29 | |
CVE-2017-2668 | 4.3 |
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bin
|
09-10-2019 - 23:27 | 22-06-2018 - 13:29 | |
CVE-2017-15134 | 5.0 |
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-sla
|
15-05-2019 - 21:29 | 01-03-2018 - 22:29 | |
CVE-2013-4485 | 4.0 |
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
|
22-04-2019 - 17:48 | 23-11-2013 - 11:55 | |
CVE-2018-1054 | 5.0 |
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially
|
17-07-2018 - 01:29 | 07-03-2018 - 13:29 | |
CVE-2013-2219 | 4.0 |
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
|
18-11-2017 - 02:29 | 31-07-2013 - 13:20 | |
CVE-2012-2746 | 2.1 |
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated us
|
19-09-2017 - 01:34 | 03-07-2012 - 16:40 | |
CVE-2016-0741 | 7.8 |
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
|
12-10-2016 - 02:01 | 19-04-2016 - 21:59 | |
CVE-2013-4283 | 5.0 |
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
|
11-09-2013 - 14:13 | 10-09-2013 - 19:55 | |
CVE-2013-1897 | 2.6 |
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the
|
14-05-2013 - 04:00 | 13-05-2013 - 23:55 | |
CVE-2013-0312 | 5.0 |
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
|
19-03-2013 - 04:00 | 13-03-2013 - 20:55 | |
CVE-2012-4450 | 6.0 |
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
|
08-03-2013 - 04:09 | 01-10-2012 - 03:26 | |
CVE-2012-0833 | 2.3 |
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with
|
17-07-2012 - 04:00 | 03-07-2012 - 16:40 |