389 Directory Server CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2012-2746	2 Fedoraproject, Redhat	3 389 Directory Server, Directory Server, Enterprise Linux	2024-08-06	N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
CVE-2012-2678	2 Fedoraproject, Redhat	3 389 Directory Server, Directory Server, Enterprise Linux	2024-08-06	N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
CVE-2013-4283	2 Fedoraproject, Redhat	2 389 Directory Server, Enterprise Linux	2024-08-06	N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2024-6237	1 Redhat	3 389 Directory Server, Directory Server, Enterprise Linux	2024-08-06	5.3 Medium
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

« first previous Page 3 of 3.