
fedoraproject 389 directory server

47 known vulnerabilities across versions
Vulnerabilities are listed by affected version range, with the CVSS base score and severity where the catalogue records one. Summaries are shown as excerpts of the CVE record text.
CVE-2024-6237 | all versions | CVSS 6.5 (MEDIUM)
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while se

CVE-2024-1062 | < 2.2.0 | CVSS 5.5 (MEDIUM)
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars

CVE-2022-1949 | >= 1.3.0.0 and <= 2.0.0 | CVSS 7.5 (HIGH)
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, bu

CVE-2022-0996 | all versions | CVSS 6.5 (MEDIUM)
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authe

CVE-2021-3514 | all versions | CVSS 6.5 (MEDIUM)
When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially cra

CVE-2020-35518 | < 1.4.3.19 | CVSS 5.3 (MEDIUM)
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This c

CVE-2010-3282 | < 1.2.7.1 | CVSS 3.3 (LOW)
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit lo

CVE-2019-10224 | >= 1.4.0.0 and < 1.4.1.3 | CVSS 4.6 (MEDIUM)
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf comma

CVE-2019-14824 | all versions | CVSS 6.5 (MEDIUM)
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In s

CVE-2010-2222 | all versions | CVSS 7.5 (HIGH)
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of s

CVE-2019-10171 | >= 1.4.0.0 and < 1.4.0.17 | CVSS 7.5 (HIGH)
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5

CVE-2019-3883 | <= 1.4.1.2 | CVSS 7.5 (HIGH)
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at mo

CVE-2018-14648 | < 1.4.0.17 | CVSS 7.5 (HIGH)
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_searc

CVE-2018-14638 | < 1.3.8.4 | CVSS 7.5 (HIGH)
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persi

CVE-2018-10935 | >= 1.3.0.0 and < 1.3.8.7 | CVSS 6.5 (MEDIUM)
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server si

CVE-2018-14624 | <= 1.3.7.10 | CVSS 7.5 (HIGH)
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log

CVE-2018-10871 | < 1.3.8.5 | CVSS 3.8 (LOW)
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the

CVE-2017-2668 | >= 1.3.5.0 and < 1.3.5.17 | CVSS 6.5 (MEDIUM)
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests ar

CVE-2018-10850 | < 1.4.0.10 | CVSS 5.9 (MEDIUM)
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search,

CVE-2018-1089 | >= 1.3.6.0 and < 1.3.6.15 | CVSS 7.5 (HIGH)
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes

CVE-2011-0704 | all versions | CVSS 5.9 (MEDIUM)
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sen

CVE-2017-2591 | < 1.3.6 | CVSS 3.7 (LOW)
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function

CVE-2018-1054 | <= 1.4.0.6 | CVSS 7.5 (HIGH)
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions inc

CVE-2017-15134 | >= 1.3.6.1 and < 1.3.6.13 | CVSS 7.5 (HIGH)
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.

CVE-2017-15135 | >= 1.3.6.1 and <= 1.4.0.3 | CVSS 8.1 (HIGH)
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations

CVE-2015-1854 | <= 1.3.3.9 | CVSS 7.5 (HIGH)
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a cr

CVE-2017-7551 | all versions | CVSS 9.8 (CRITICAL)
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to diffe

CVE-2016-0741 | all versions | CVSS 7.5 (HIGH)
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to ca

CVE-2015-3230 | <= 1.3.3.10
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creatin

CVE-2014-8112 | all versions
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslap

CVE-2014-8105 | <= 1.3.2.26
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-t

CVE-2014-3562 | all versions
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replic

CVE-2014-0132 | <= 1.2.11.25
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an

CVE-2013-4485 | all versions
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial

CVE-2013-4283 | <= 1.3.0.7
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted

CVE-2013-2219 | all versions
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which

CVE-2013-1897 | all versions
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does

CVE-2013-0312 | <= 1.3.0.3
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control se

CVE-2012-4450 | all versions
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote a

CVE-2012-2746 | <= 1.2.11.5
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been cha

CVE-2012-2678 | <= 1.2.11.5
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been c

CVE-2012-0833 | <= 1.2.10
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly ha

CVE-2011-1067 | <= 1.2.8
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection tabl

CVE-2011-0532 | all versions
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka R

CVE-2011-0022 | all versions
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are con

CVE-2011-0019 | all versions
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simpl

CVE-2010-4746 | <= 1.2.7
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin