Vulnerabilities > Fedoraproject > 389 Directory Server > 1.2.7

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2010-3282 Cleartext Storage of Sensitive Information vulnerability in multiple products
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
local
low complexity
hp redhat fedoraproject CWE-312
3.3
3.3
2019-04-17 CVE-2019-3883 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads.
network
low complexity
fedoraproject debian redhat CWE-772
7.5
7.5
2018-09-28 CVE-2018-14648 Resource Exhaustion vulnerability in multiple products
A flaw was found in 389 Directory Server.
network
low complexity
fedoraproject redhat debian CWE-400
7.5
7.5
2018-09-14 CVE-2018-14638 Double Free vulnerability in multiple products
A flaw was found in 389-ds-base before version 1.3.8.4-13.
network
low complexity
fedoraproject redhat CWE-415
7.5
7.5
2018-09-06 CVE-2018-14624 A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16.
network
low complexity
fedoraproject redhat debian
7.5
7.5
2018-07-18 CVE-2018-10871 Cleartext Storage of Sensitive Information vulnerability in multiple products
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information.
network
low complexity
fedoraproject debian CWE-312
7.2
7.2
2018-06-13 CVE-2018-10850 Race Condition vulnerability in multiple products
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load.
network
high complexity
fedoraproject redhat debian CWE-362
5.9
5.9
2018-04-30 CVE-2017-2591 Out-of-bounds Read vulnerability in multiple products
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server.
network
low complexity
fedoraproject redhat CWE-125
7.5
7.5
2018-03-07 CVE-2018-1054 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x.
network
low complexity
fedoraproject redhat CWE-125
7.5
7.5
2017-09-19 CVE-2015-1854 Improper Access Control vulnerability in multiple products
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
network
low complexity
fedoraproject debian CWE-284
7.5
7.5