Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject 389 directory server vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2019-10171
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x prior to 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
Fedoraproject 389 Directory Server
Redhat Enterprise Linux Server Eus 7.5
668
VMScore
CVE-2011-0019
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote malicious users to cause a denial of service (daemon crash) or possibly have unspecified other impact via...
Fedoraproject 389 Directory Server 1.2.7.5
Redhat Directory Server 8.2.3
Redhat Directory Server 8.2
578
VMScore
CVE-2014-0132
The SASL authentication functionality in 389 Directory Server prior to 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
Fedoraproject 389 Directory Server 1.2.11.9
Fedoraproject 389 Directory Server 1.2.11.23
Fedoraproject 389 Directory Server 1.2.11.8
Fedoraproject 389 Directory Server 1.2.11.13
Fedoraproject 389 Directory Server
Fedoraproject 389 Directory Server 1.2.11.22
Fedoraproject 389 Directory Server 1.2.11.21
Fedoraproject 389 Directory Server 1.2.11.20
Fedoraproject 389 Directory Server 1.2.11.17
Fedoraproject 389 Directory Server 1.2.11.19
Fedoraproject 389 Directory Server 1.2.11.12
Fedoraproject 389 Directory Server 1.2.11.6
Fedoraproject 389 Directory Server 1.2.11.10
Fedoraproject 389 Directory Server 1.2.11.11
Fedoraproject 389 Directory Server 1.2.11.1
Fedoraproject 389 Directory Server 1.2.11.5
Fedoraproject 389 Directory Server 1.2.11.14
Fedoraproject 389 Directory Server 1.2.11.15
552
VMScore
CVE-2011-0532
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan hor...
Fedoraproject 389 Directory Server 1.2.6.1
Fedoraproject 389 Directory Server 1.2.6
Fedoraproject 389 Directory Server 1.2.5
Fedoraproject 389 Directory Server 1.2.2
Fedoraproject 389 Directory Server 1.2.8
Fedoraproject 389 Directory Server 1.2.7
Fedoraproject 389 Directory Server 1.2.7.5
Fedoraproject 389 Directory Server 1.2.1
Fedoraproject 389 Directory Server 1.2.3
Redhat Directory Server 8.2.3
Redhat Directory Server 8.2
534
VMScore
CVE-2012-4450
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
Fedoraproject 389 Directory Server 1.2.10
445
VMScore
CVE-2022-1949
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a fi...
Port389 389-ds-base
Redhat Enterprise Linux 8.0
Redhat Directory Server 11.0
Redhat Enterprise Linux 9.0
Redhat Directory Server 12.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
445
VMScore
CVE-2021-3480
A flaw was found in slapi-nis in versions prior to 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated malicious user to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability...
Slapi-nis Project Slapi-nis
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2019-3883
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this time...
Fedoraproject 389 Directory Server
Debian Debian Linux 8.0
Redhat Enterprise Linux 6.0
445
VMScore
CVE-2017-7551
389-ds-base version prior to 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
Fedoraproject 389 Directory Server 1.3.6.7
Fedoraproject 389 Directory Server 1.3.5.19
445
VMScore
CVE-2014-3562
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote malicious users to obtain sensitive replicated metadata by searching the directory.
Fedoraproject 389 Directory Server 1.3.0.3
Fedoraproject 389 Directory Server 1.2.5
Fedoraproject 389 Directory Server 1.2.3
Fedoraproject 389 Directory Server 1.2.11.9
Fedoraproject 389 Directory Server 1.3.0.7
Fedoraproject 389 Directory Server 1.3.0.5
Fedoraproject 389 Directory Server 1.2.8
Fedoraproject 389 Directory Server 1.2.11.23
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Fedoraproject 389 Directory Server 1.2.9.9
Fedoraproject 389 Directory Server 1.2.11.8
Fedoraproject 389 Directory Server 1.2.8.3
Fedoraproject 389 Directory Server 1.2.6
Fedoraproject 389 Directory Server 1.2.10
Fedoraproject 389 Directory Server 1.2.11.13
Fedoraproject 389 Directory Server 1.2.8.2
Fedoraproject 389 Directory Server 1.2.11.22
Fedoraproject 389 Directory Server 1.3.0.8
Fedoraproject 389 Directory Server 1.2.11.21
Fedoraproject 389 Directory Server 1.3.0.4
Fedoraproject 389 Directory Server 1.2.7.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »