Fedoraproject

389 Directory Server

39 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2015-3230

  • EPSS 0.61%
  • Published 29.10.2015 20:59:00
  • Last modified 12.04.2025 10:46:40

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.

4

CVE-2014-8112

  • EPSS 0.27%
  • Published 10.03.2015 14:59:01
  • Last modified 12.04.2025 10:46:40

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re...

5

CVE-2014-8105

  • EPSS 0.44%
  • Published 10.03.2015 14:59:00
  • Last modified 12.04.2025 10:46:40

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

5

CVE-2014-3562

  • EPSS 0.31%
  • Published 21.08.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

6.5

CVE-2014-0132

Exploit
  • EPSS 0.57%
  • Published 18.03.2014 17:02:53
  • Last modified 12.04.2025 10:46:40

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

4

CVE-2013-4485

  • EPSS 0.42%
  • Published 23.11.2013 11:55:04
  • Last modified 11.04.2025 00:51:21

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

5

CVE-2013-4283

  • EPSS 0.76%
  • Published 10.09.2013 19:55:11
  • Last modified 11.04.2025 00:51:21

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

4

CVE-2013-2219

  • EPSS 0.17%
  • Published 31.07.2013 13:20:25
  • Last modified 11.04.2025 00:51:21

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

2.6

CVE-2013-1897

  • EPSS 0.41%
  • Published 13.05.2013 23:55:01
  • Last modified 11.04.2025 00:51:21

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the...

5

CVE-2013-0312

  • EPSS 1.38%
  • Published 13.03.2013 20:55:02
  • Last modified 11.04.2025 00:51:21

389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.