Vulnerabilities > Redhat > Directory Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-6237 | Unspecified vulnerability in Redhat products A flaw was found in the 389 Directory Server. | 6.5 |
| 2023-02-27 | CVE-2023-1055 | Improper Certificate Validation vulnerability in multiple products A flaw was found in RHDS 11 and RHDS 12. | 5.5 |
| 2022-10-14 | CVE-2022-2850 | NULL Pointer Dereference vulnerability in multiple products A flaw was found In 389-ds-base. | 6.5 |
| 2021-03-26 | CVE-2020-35518 | Information Exposure Through Discrepancy vulnerability in Redhat 389 Directory Server When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. | 5.0 |
| 2019-11-05 | CVE-2010-2222 | NULL Pointer Dereference vulnerability in Redhat 389 Directory Server and Directory Server The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | 5.0 |
| 2013-11-23 | CVE-2013-4485 | Improper Input Validation vulnerability in multiple products 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request. | 4.0 |
| 2013-07-31 | CVE-2013-2219 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute. | 4.0 |
| 2011-02-23 | CVE-2011-0532 | Permissions, Privileges, and Access Controls vulnerability in multiple products The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.2 |
| 2011-02-23 | CVE-2011-0022 | Resource Management Errors vulnerability in multiple products The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. | 4.7 |
| 2008-08-29 | CVE-2008-2929 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping. | 4.3 |