Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat directory server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-10935
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
Redhat 389 Directory Server
NA
CVE-2014-3562
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote malicious users to obtain sensitive replicated metadata by searching the directory.
Fedoraproject 389 Directory Server 1.3.0.3
Fedoraproject 389 Directory Server 1.2.5
Fedoraproject 389 Directory Server 1.2.3
Fedoraproject 389 Directory Server 1.2.11.9
Fedoraproject 389 Directory Server 1.3.0.7
Fedoraproject 389 Directory Server 1.3.0.5
Fedoraproject 389 Directory Server 1.2.8
Fedoraproject 389 Directory Server 1.2.11.23
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Fedoraproject 389 Directory Server 1.2.9.9
Fedoraproject 389 Directory Server 1.2.11.8
Fedoraproject 389 Directory Server 1.2.8.3
Fedoraproject 389 Directory Server 1.2.6
Fedoraproject 389 Directory Server 1.2.10
Fedoraproject 389 Directory Server 1.2.11.13
Fedoraproject 389 Directory Server 1.2.8.2
Fedoraproject 389 Directory Server 1.2.11.22
Fedoraproject 389 Directory Server 1.3.0.8
Fedoraproject 389 Directory Server 1.2.11.21
Fedoraproject 389 Directory Server 1.3.0.4
Fedoraproject 389 Directory Server 1.2.7.5
7.5
CVSSv3
CVE-2022-1949
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a fi...
Port389 389-ds-base
Redhat Enterprise Linux 8.0
Redhat Directory Server 11.0
Redhat Enterprise Linux 9.0
Redhat Directory Server 12.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2019-10171
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x prior to 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
Fedoraproject 389 Directory Server
Redhat Enterprise Linux Server Eus 7.5
6.5
CVSSv3
CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated malicious user to cause a denial of service. This CVE is assigned aga...
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Directory Server 11.0
Redhat Enterprise Linux 9.0
Redhat Directory Server 12.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Port389 389-ds-base
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2022-0996
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Redhat 389 Directory Server 1.4.0.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Redhat Enterprise Linux 8.0
1 Github repository
6.5
CVSSv3
CVE-2019-14824
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated malicious user to view private attributes, such as password hashes.
Fedoraproject 389 Directory Server -
Redhat Enterprise Linux 7.0
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2019-3883
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this time...
Fedoraproject 389 Directory Server
Debian Debian Linux 8.0
Redhat Enterprise Linux 6.0
7.5
CVSSv3
CVE-2019-3816
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request t...
Openwsman Project Openwsman
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 42.3
Opensuse Leap 15.0
1 Article
6.5
CVSSv3
CVE-2015-3147
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Automatic Bug Reporting Tool -
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Eus 7.7
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »