Vulnerabilities > Redhat > Directory Server

DATE CVE VULNERABILITY TITLE RISK
2023-02-27 CVE-2023-1055 Improper Certificate Validation vulnerability in multiple products
A flaw was found in RHDS 11 and RHDS 12.
local
low complexity
redhat fedoraproject CWE-295
5.5
2022-10-14 CVE-2022-2850 NULL Pointer Dereference vulnerability in multiple products
A flaw was found In 389-ds-base.
network
low complexity
redhat fedoraproject port389 debian CWE-476
6.5
2022-06-02 CVE-2022-1949 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
An access control bypass vulnerability found in 389-ds-base.
network
low complexity
port389 redhat fedoraproject CWE-639
7.5
2021-03-26 CVE-2020-35518 Information Exposure Through Discrepancy vulnerability in Redhat 389 Directory Server
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not.
network
low complexity
redhat CWE-203
5.0
2020-01-09 CVE-2010-3282 Cleartext Storage of Sensitive Information vulnerability in multiple products
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
1.9
2019-11-05 CVE-2010-2222 NULL Pointer Dereference vulnerability in Redhat 389 Directory Server and Directory Server
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
network
low complexity
redhat CWE-476
5.0
2013-11-23 CVE-2013-4485 Improper Input Validation vulnerability in multiple products
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
network
low complexity
redhat fedoraproject CWE-20
4.0
2013-07-31 CVE-2013-2219 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
network
low complexity
fedoraproject redhat CWE-264
4.0
2012-07-03 CVE-2012-2746 Cryptographic Issues vulnerability in multiple products
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
network
high complexity
redhat fedoraproject CWE-310
2.1
2012-07-03 CVE-2012-2678 Cryptographic Issues vulnerability in multiple products
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
local
high complexity
redhat fedoraproject CWE-310
1.2