Skip to main content

Directory Server

14 CVEs product

Monthly

CVE-2026-9064 HIGH PATCH This Week

Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by sending a single LDAP request packed with hundreds of thousands of minimal controls. Because get_ldapmessage_controls_ext() does not cap the per-message control count, the 2 MB default BER message limit is the only ceiling, and concurrent abuse causes worker thread starvation or OOM termination. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Denial Of Service Directory Server 389 Directory Server Enterprise Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-6237 MEDIUM This Month

A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Directory Server 389 Directory Server Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-1062 MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service 389 Directory Server Directory Server +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1055 MEDIUM This Month

A flaw was found in RHDS 11 and RHDS 12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Directory Server Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-2850 MEDIUM POC This Month

A flaw was found In 389-ds-base. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Directory Server Enterprise Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-1949 HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server Directory Server Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-3870 MEDIUM POC PATCH This Month

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Samba Fedora Directory Server Router Manager +3
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2017-7421 MEDIUM This Month

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Directory Server Enterprise Developer Enterprise Server Enterprise Server Monitor And Control
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-5187 HIGH This Week

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Directory Server Enterprise Developer Enterprise Server Enterprise Server Monitor And Control
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2014-3562 MEDIUM This Month

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure 389 Directory Server Directory Server Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4485 MEDIUM This Month

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux 389 Directory Server Directory Server
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-2219 MEDIUM This Month

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation 389 Directory Server Directory Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-2746 LOW Monitor

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Directory Server 389 Directory Server
NVD
CVSS 2.0
2.1
EPSS
0.5%
CVE-2012-2678 LOW Monitor

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers. Rated low severity (CVSS 1.2). No vendor patch available.

Red Hat Information Disclosure Directory Server 389 Directory Server
NVD
CVSS 2.0
1.2
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by sending a single LDAP request packed with hundreds of thousands of minimal controls. Because get_ldapmessage_controls_ext() does not cap the per-message control count, the 2 MB default BER message limit is the only ceiling, and concurrent abuse causes worker thread starvation or OOM termination. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Denial Of Service Directory Server 389 Directory Server +1
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Directory Server 389 Directory Server +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +13
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in RHDS 11 and RHDS 12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Directory Server Fedora
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A flaw was found In 389-ds-base. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Directory Server +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server +3
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Samba Fedora +5
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Directory Server Enterprise Developer +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Directory Server Enterprise Developer +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure 389 Directory Server +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation 389 Directory Server +1
NVD
EPSS 1% CVSS 2.1
LOW Monitor

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Directory Server +1
NVD
EPSS 0% CVSS 1.2
LOW Monitor

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers. Rated low severity (CVSS 1.2). No vendor patch available.

Red Hat Information Disclosure Directory Server +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy