CVE-2020-35518
- EPSS 1.54%
- Veröffentlicht 26.03.2021 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:27:28
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
CVE-2010-3282
- EPSS 0.26%
- Veröffentlicht 09.01.2020 21:15:10
- Zuletzt bearbeitet 21.11.2024 01:18:26
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-root...
CVE-2010-2222
- EPSS 1.35%
- Veröffentlicht 05.11.2019 20:15:10
- Zuletzt bearbeitet 21.11.2024 01:16:11
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
- EPSS 2.2%
- Veröffentlicht 21.08.2014 14:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
- EPSS 1.99%
- Veröffentlicht 23.11.2013 11:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
- EPSS 1.76%
- Veröffentlicht 31.07.2013 13:20:25
- Zuletzt bearbeitet 29.04.2026 01:13:23
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
CVE-2012-2746
- EPSS 1.33%
- Veröffentlicht 03.07.2012 16:40:34
- Zuletzt bearbeitet 16.06.2026 23:42:01
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated us...
CVE-2012-2678
- EPSS 0.64%
- Veröffentlicht 03.07.2012 16:40:33
- Zuletzt bearbeitet 16.06.2026 23:41:51
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#use...
CVE-2011-0019
- EPSS 1.42%
- Veröffentlicht 23.02.2011 19:00:01
- Zuletzt bearbeitet 16.06.2026 23:26:38
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unsp...
CVE-2011-0022
- EPSS 0.29%
- Veröffentlicht 23.02.2011 19:00:01
- Zuletzt bearbeitet 16.06.2026 23:26:38
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (...