Directory Server CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2011-0022	2 Fedoraproject, Redhat	2 389 Directory Server, Directory Server	2024-08-06	N/A
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.
CVE-2011-0019	2 Fedoraproject, Redhat	2 389 Directory Server, Directory Server	2024-08-06	N/A
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
CVE-2012-2746	2 Fedoraproject, Redhat	3 389 Directory Server, Directory Server, Enterprise Linux	2024-08-06	N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
CVE-2012-2678	2 Fedoraproject, Redhat	3 389 Directory Server, Directory Server, Enterprise Linux	2024-08-06	N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
CVE-2024-6237	1 Redhat	3 389 Directory Server, Directory Server, Enterprise Linux	2024-08-06	5.3 Medium
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

« first previous Page 3 of 3.