Fedoraproject 389_directory_server
22 CVEs affecting Fedoraproject 389_directory_server. Latest disclosed: 2017-09-19. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-7551 | Critical | 9.8 | 2017-08-16 | 389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on… |
| CVE-2015-1854 | High | 7.5 | 2017-09-19 | 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. |
| CVE-2016-0741 | High | 7.5 | 2016-04-19 | slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infi… |
| CVE-2015-3230 | | | 2015-10-29 | 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows… |
| CVE-2014-8112 | | | 2015-03-10 | 389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option i… |
| CVE-2014-8105 | | | 2015-03-10 | 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote atta… |
| CVE-2014-3562 | | | 2014-08-21 | Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching th… |
| CVE-2014-0132 | | | 2014-03-18 | The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privi… |
| CVE-2013-4485 | | | 2013-11-23 | 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multi… |
| CVE-2013-4283 | | | 2013-09-10 | ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a… |
| CVE-2013-2219 | | | 2013-07-31 | The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated… |
| CVE-2013-1897 | | | 2013-05-13 | The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access… |
| CVE-2013-0312 | | | 2013-03-13 | 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. |
| CVE-2012-4450 | | | 2012-10-01 | 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certa… |
| CVE-2012-2746 | | | 2012-07-03 | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is ena… |
| CVE-2012-2678 | | | 2012-07-03 | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server… |
| CVE-2012-0833 | | | 2012-07-03 | The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instruct… |
| CVE-2011-1067 | | | 2011-02-23 | slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remot… |
| CVE-2011-0532 | | | 2011-02-23 | The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x… |
| CVE-2011-0022 | | | 2011-02-23 | The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions… |