Vulnerabilities > Fedoraproject > 389 Directory Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-09 | CVE-2010-3282 | Cleartext Storage of Sensitive Information vulnerability in multiple products 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | 1.9 |
| 2019-11-25 | CVE-2019-10224 | Information Exposure vulnerability in Fedoraproject 389 Directory Server A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. | 4.6 |
| 2019-11-08 | CVE-2019-14824 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. | 6.5 |
| 2019-08-02 | CVE-2019-10171 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. | 7.5 |
| 2019-04-17 | CVE-2019-3883 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. | 7.5 |
| 2018-09-28 | CVE-2018-14648 | Resource Exhaustion vulnerability in multiple products A flaw was found in 389 Directory Server. | 7.8 |
| 2018-09-14 | CVE-2018-14638 | Double Free vulnerability in multiple products A flaw was found in 389-ds-base before version 1.3.8.4-13. | 5.0 |
| 2018-09-06 | CVE-2018-14624 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. | 7.5 |
| 2018-07-18 | CVE-2018-10871 | Cleartext Storage of Sensitive Information vulnerability in multiple products 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. | 4.0 |
| 2018-06-22 | CVE-2017-2668 | NULL Pointer Dereference vulnerability in multiple products 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. | 4.3 |