Vulnerabilities > Fedoraproject > 389 Directory Server > 1.2.11.25
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-3883 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. | 7.5 |
| 2018-09-28 | CVE-2018-14648 | Resource Exhaustion vulnerability in multiple products A flaw was found in 389 Directory Server. | 7.8 |
| 2018-09-14 | CVE-2018-14638 | Double Free vulnerability in multiple products A flaw was found in 389-ds-base before version 1.3.8.4-13. | 5.0 |
| 2018-09-06 | CVE-2018-14624 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. | 7.5 |
| 2018-07-18 | CVE-2018-10871 | Cleartext Storage of Sensitive Information vulnerability in multiple products 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. | 4.0 |
| 2018-06-13 | CVE-2018-10850 | Race Condition vulnerability in multiple products 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. | 7.1 |
| 2018-04-30 | CVE-2017-2591 | Out-of-bounds Read vulnerability in multiple products 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. | 7.5 |
| 2018-03-07 | CVE-2018-1054 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. | 5.0 |
| 2017-09-19 | CVE-2015-1854 | Improper Access Control vulnerability in multiple products 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | 7.5 |
| 2013-09-10 | CVE-2013-4283 | Improper Input Validation vulnerability in Fedoraproject 389 Directory Server ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. | 5.0 |