CVE search results

41 – 50 of 53 results

Detailed view

Sort by:

CVE-2014-8105

Medium priority

Ignored

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog...

2 affected packages

389-ds-base, freeipa

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	Not affected	Not affected
freeipa	—	—	—	Not affected	Not affected

CVE-2014-3562

Medium priority

Ignored

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

1 affected package

389-ds-base

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	Not affected	Not affected

CVE-2014-0132

High priority

Ignored

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

1 affected package

389-ds-base

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	—	Not affected

CVE-2013-4485

Medium priority

Ignored

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

1 affected package

389-ds-base

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	—	Not affected

CVE-2013-4283

Medium priority

Ignored

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

1 affected package

389-ds-base

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	—	Not affected

CVE-2013-2219

Medium priority

Ignored

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

1 affected package

389-ds-base

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	—	Not affected

CVE-2013-1897

Medium priority

Ignored

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is...

1 affected package

389-ds-base

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	—	Not affected

CVE-2013-0336

Medium priority

Ignored

The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request...

2 affected packages

389-ds-base, freeipa

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	—	—
freeipa	—	—	—	—	—

CVE-2013-0312

Medium priority

Ignored

389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.

1 affected package

389-ds-base

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	—	Not affected

CVE-2012-4450

Medium priority

Ignored

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

1 affected package

389-ds-base

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
389-ds-base	—	—	—	—	Not affected

Export to JSON

Results by page:

Search CVE reports