Vulnerabilities > Redhat > Directory Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-6237 | Unspecified vulnerability in Redhat products A flaw was found in the 389 Directory Server. | 6.5 |
| 2023-02-27 | CVE-2023-1055 | Improper Certificate Validation vulnerability in multiple products A flaw was found in RHDS 11 and RHDS 12. | 5.5 |
| 2022-10-14 | CVE-2022-2850 | NULL Pointer Dereference vulnerability in multiple products A flaw was found In 389-ds-base. | 6.5 |
| 2022-06-02 | CVE-2022-1949 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products An access control bypass vulnerability found in 389-ds-base. | 7.5 |
| 2021-03-26 | CVE-2020-35518 | Information Exposure Through Discrepancy vulnerability in Redhat 389 Directory Server When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. | 5.0 |
| 2020-01-09 | CVE-2010-3282 | Cleartext Storage of Sensitive Information vulnerability in multiple products 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | 1.9 |
| 2019-11-05 | CVE-2010-2222 | NULL Pointer Dereference vulnerability in Redhat 389 Directory Server and Directory Server The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | 5.0 |
| 2013-11-23 | CVE-2013-4485 | Improper Input Validation vulnerability in multiple products 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request. | 4.0 |
| 2013-07-31 | CVE-2013-2219 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute. | 4.0 |
| 2012-07-03 | CVE-2012-2746 | Cryptographic Issues vulnerability in multiple products 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. | 2.1 |