Redhat

Directory Server

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.19%
  • Veröffentlicht 27.02.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:38:22

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the co...

Exploit
  • EPSS 1.24%
  • Veröffentlicht 14.10.2022 18:15:14
  • Zuletzt bearbeitet 03.11.2025 21:15:52

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. ...

  • EPSS 1.39%
  • Veröffentlicht 02.06.2022 14:15:34
  • Zuletzt bearbeitet 13.12.2024 18:47:19

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unau...

  • EPSS 1.54%
  • Veröffentlicht 26.03.2021 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:28

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

  • EPSS 0.26%
  • Veröffentlicht 09.01.2020 21:15:10
  • Zuletzt bearbeitet 21.11.2024 01:18:26

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-root...

  • EPSS 1.35%
  • Veröffentlicht 05.11.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 01:16:11

The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.

  • EPSS 2.2%
  • Veröffentlicht 21.08.2014 14:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

  • EPSS 1.99%
  • Veröffentlicht 23.11.2013 11:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

  • EPSS 1.76%
  • Veröffentlicht 31.07.2013 13:20:25
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

  • EPSS 1.33%
  • Veröffentlicht 03.07.2012 16:40:34
  • Zuletzt bearbeitet 16.06.2026 23:42:01

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated us...