Note:
This project will be discontinued after December 13, 2021. [more]
Product:
389_directory_server
(Redhat)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-23 | CVE-2022-0996 | A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | Fedora, 389_directory_server, Enterprise_linux | 6.5 | ||
| 2021-05-28 | CVE-2021-3514 | When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. | 389_directory_server | 6.5 | ||
| 2021-03-26 | CVE-2020-35518 | When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. | 389_directory_server, Directory_server, Enterprise_linux | 5.3 | ||
| 2019-11-05 | CVE-2010-2222 | The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | 389_directory_server, Directory_server | N/A | ||
| 2018-09-11 | CVE-2018-10935 | A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. | 389_directory_server | N/A |