Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Fedoraproject Subscribe
Filtered by product 389 Directory Server

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14824 3 Debian, Fedoraproject, Redhat 3 Debian Linux, 389 Directory Server, Enterprise Linux 2020-12-04 3.5 LOW 6.5 MEDIUM
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
CVE-2019-10224 1 Fedoraproject 1 389 Directory Server 2019-12-10 2.1 LOW 4.6 MEDIUM
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
CVE-2017-2668 2 Fedoraproject, Redhat 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
CVE-2018-10850 3 Debian, Fedoraproject, Redhat 9 Debian Linux, 389 Directory Server, Enterprise Linux and 6 more 2019-05-15 7.1 HIGH 5.9 MEDIUM
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
CVE-2011-0704 1 Fedoraproject 1 389 Directory Server 2018-06-07 4.3 MEDIUM 5.9 MEDIUM
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.