CVE-2025-3416
- EPSS 0.07%
- Published 08.04.2025 18:24:22
- Last modified 09.04.2025 20:02:41
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the in...
CVE-2025-2487
- EPSS 0.49%
- Published 18.03.2025 16:25:43
- Last modified 13.05.2025 14:15:20
A flaw was found in the 389-ds-base LDAP Server. This issue occurs when a Modify DN LDAP operation is issued through the LDAP protocol: a function's return value is not tested, and a NULL pointer is dereferenced. If a privileged user performs a lda...
CVE-2024-6237
- EPSS 0.55%
- Published 09.07.2024 17:15:48
- Last modified 21.11.2024 09:49:15
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
CVE-2024-1062
- EPSS 0.02%
- Published 12.02.2024 13:15:09
- Last modified 18.02.2025 11:15:11
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
CVE-2023-1055
- EPSS 0.05%
- Published 27.02.2023 22:15:09
- Last modified 21.11.2024 07:38:22
A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the co...
CVE-2022-2850
- EPSS 0.27%
- Published 14.10.2022 18:15:14
- Last modified 15.05.2025 15:15:53
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. ...
CVE-2022-1949
- EPSS 0.51%
- Published 02.06.2022 14:15:34
- Last modified 13.12.2024 18:47:19
An access control bypass vulnerability was found in 389-ds-base. It involves a mishandling of the filter that would yield incorrect results, but as that has progressed, it can be determined that it actually is an access control bypass. This may allow any remote unau...
CVE-2020-35518
- EPSS 0.8%
- Published 26.03.2021 17:15:12
- Last modified 21.11.2024 05:27:28
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
CVE-2010-3282
- EPSS 0.16%
- Published 09.01.2020 21:15:10
- Last modified 21.11.2024 01:18:26
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-root...
CVE-2010-2222
- EPSS 0.44%
- Published 05.11.2019 20:15:10
- Last modified 21.11.2024 01:16:11
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.