Skip to main content

389 Directory Server

35 CVEs product

Monthly

CVE-2026-9064 HIGH PATCH This Week

Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by sending a single LDAP request packed with hundreds of thousands of minimal controls. Because get_ldapmessage_controls_ext() does not cap the per-message control count, the 2 MB default BER message limit is the only ceiling, and concurrent abuse causes worker thread starvation or OOM termination. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Denial Of Service Directory Server 389 Directory Server Enterprise Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-6237 MEDIUM This Month

A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Directory Server 389 Directory Server Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-1062 MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service 389 Directory Server Directory Server +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1949 HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server Directory Server Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-0996 MEDIUM POC This Month

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 389 Directory Server Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-3514 MEDIUM This Month

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service 389 Directory Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-10224 MEDIUM This Month

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-14824 MEDIUM This Month

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-10171 HIGH This Week

It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat 389 Directory Server Enterprise Linux Server Eus
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-3883 HIGH This Week

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2018-14648 HIGH This Week

A flaw was found in 389 Directory Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
6.2%
CVE-2018-14638 HIGH This Week

A flaw was found in 389-ds-base before version 1.3.8.4-13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Aus Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-10935 MEDIUM This Month

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-14624 HIGH POC This Week

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +4
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-10871 HIGH This Week

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Debian Linux
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-10850 MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server Debian Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-1089 HIGH PATCH This Week

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Denial Of Service Buffer Overflow 389 Directory Server Enterprise Linux Desktop +3
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-1054 HIGH PATCH This Week

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow 389 Directory Server Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
4.8%
CVE-2015-1854 HIGH This Week

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 389 Directory Server Fedora Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-7551 CRITICAL POC Act Now

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 389 Directory Server
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-0741 HIGH PATCH This Week

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +2
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2015-3230 HIGH PATCH This Week

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure 389 Directory Server
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-8112 MEDIUM This Month

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Fedora
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-8105 MEDIUM This Month

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Fedora
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3562 MEDIUM This Month

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure 389 Directory Server Directory Server Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0132 MEDIUM POC PATCH This Month

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass 389 Directory Server
NVD VulDB
CVSS 2.0
6.5
EPSS
0.6%
CVE-2013-4485 MEDIUM This Month

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux 389 Directory Server Directory Server
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-4283 MEDIUM PATCH This Month

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service 389 Directory Server
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-2219 MEDIUM This Month

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation 389 Directory Server Directory Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-1897 LOW Monitor

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation 389 Directory Server
NVD
CVSS 2.0
2.6
EPSS
0.4%
CVE-2013-0312 MEDIUM This Month

389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2012-4450 MEDIUM PATCH This Month

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation 389 Directory Server
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2012-2746 LOW Monitor

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Directory Server 389 Directory Server
NVD
CVSS 2.0
2.1
EPSS
0.5%
CVE-2012-2678 LOW Monitor

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers. Rated low severity (CVSS 1.2). No vendor patch available.

Red Hat Information Disclosure Directory Server 389 Directory Server
NVD
CVSS 2.0
1.2
EPSS
0.2%
CVE-2012-0833 LOW POC Monitor

The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups,. Rated low severity (CVSS 2.3). Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service 389 Directory Server
NVD
CVSS 2.0
2.3
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by sending a single LDAP request packed with hundreds of thousands of minimal controls. Because get_ldapmessage_controls_ext() does not cap the per-message control count, the 2 MB default BER message limit is the only ceiling, and concurrent abuse causes worker thread starvation or OOM termination. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Denial Of Service Directory Server 389 Directory Server +1
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Directory Server 389 Directory Server +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +13
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server +3
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 389 Directory Server Fedora +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service 389 Directory Server
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM This Month

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Enterprise Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat 389 Directory Server +1
NVD
EPSS 8% CVSS 7.5
HIGH This Week

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux +1
NVD
EPSS 6% CVSS 7.5
HIGH This Week

A flaw was found in 389 Directory Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A flaw was found in 389-ds-base before version 1.3.8.4-13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Aus +5
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Desktop +6
NVD
EPSS 1% CVSS 7.2
HIGH This Week

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Debian Linux
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server +8
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Denial Of Service Buffer Overflow +5
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow 389 Directory Server +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 389 Directory Server Fedora +1
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 389 Directory Server
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure 389 Directory Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Fedora
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Fedora
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure 389 Directory Server +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass 389 Directory Server
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service 389 Directory Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation 389 Directory Server +1
NVD
EPSS 0% CVSS 2.6
LOW Monitor

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation 389 Directory Server
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation 389 Directory Server
NVD
EPSS 1% CVSS 2.1
LOW Monitor

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Directory Server +1
NVD
EPSS 0% CVSS 1.2
LOW Monitor

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers. Rated low severity (CVSS 1.2). No vendor patch available.

Red Hat Information Disclosure Directory Server +1
NVD
EPSS 0% CVSS 2.3
LOW POC Monitor

The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups,. Rated low severity (CVSS 2.3). Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service 389 Directory Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy