CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15134 – 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c
https://notcve.org/view.php?id=CVE-2017-15134
25 Jan 2018 — A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de desbordamiento de búfer basado en pila en la forma en la que 389-ds-base, en versiones 1.3.6.x anteriores a la 1.3.6.13, versiones 1.3.7.x anteriores... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 17%CPEs: 8EXPL: 0CVE-2017-2668 – 389-ds-base: Remote crash via crafted LDAP messages
https://notcve.org/view.php?id=CVE-2017-2668
11 Apr 2017 — 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. 389-ds-base en versiones anteriores a la 1.3.5.17 y 1.3.6.10 es vulnerable a una desreferencia de puntero inválido en la forma en la que se gestionan las peticiones LDAP. Un atacante remoto no autenticado podría emplear... • http://www.securityfocus.com/bid/97524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0CVE-2016-0741 – 389-ds-base: worker threads do not detect abnormally closed connections causing DoS
https://notcve.org/view.php?id=CVE-2016-0741
16 Feb 2016 — slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. slapd/connection.c en 389 Directory Server (anteriormente Fedora Directory Server) 1.3.4.x en versiones anteriores a 1.3.4.7 permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo de conexion) aprovechándose de una conexión cerrada de man... • http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2014-3562 – 389-ds: unauthenticated information disclosure
https://notcve.org/view.php?id=CVE-2014-3562
08 Aug 2014 — Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Red Hat Directory Server 8 y 389 Directory Server, cuando depuración está habilitada, permite a atacantes remotos obtener metadatos replicados sensibles mediante la búsqueda del directorio. It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configurati... • http://rhn.redhat.com/errata/RHSA-2014-1031.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4485 – 389-ds-base: DoS due to improper handling of ger attr searches
https://notcve.org/view.php?id=CVE-2013-4485
21 Nov 2013 — 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request. 389 Directory Server 1.2.11.15 (también conocido como Red Hat Directory Server anterior a la versión 8.2.11-14) permite a usuarios remotos autenticados provocar una denegación de servicio (caída) a través de múltiples caracteres @ en una lista de atributo GER de una petición de búsqueda. Th... • http://rhn.redhat.com/errata/RHSA-2013-1752.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-2219 – Server: ACLs inoperative in some search scenarios
https://notcve.org/view.php?id=CVE-2013-2219
30 Jul 2013 — The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute. El Red Hat Directory Server 8.2.11-13 y 389 Directory Server, no restringe adecuadamente los atributos de entidad, lo que permite a usuarios autenticados remotamente obtener información sensible a través de una consulta de búsqueda hacia ese atributo. Red Hat Directory Server ... • http://rhn.redhat.com/errata/RHSA-2013-1116.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2012-2678 – rhds/389: plaintext password disclosure flaw
https://notcve.org/view.php?id=CVE-2012-2678
03 Jul 2012 — 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. "389 Directory Server" antes de v1.2.11.6 (también conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contraseña de un usuario de LDAP ha cambiado y anyes de que el servidor haya sido reiniciado, permite a atacantes remot... • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 42EXPL: 0CVE-2012-2746 – rhds/389: plaintext password disclosure in audit log
https://notcve.org/view.php?id=CVE-2012-2746
03 Jul 2012 — 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. "389 Directory Server" antes de v1.2.11.6 (también conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contraseña de un usuario de LDAP ha cambiado y el registro de auditoría está habilitada, guarda la nueva contraseña... • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-0019 – Server: crash with multiple simple paged result searches
https://notcve.org/view.php?id=CVE-2011-0019
23 Feb 2011 — slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. slapd (también conocido como ns-slapd) en 389 Directory Server v1.2.7.5 (también conocido como Red Hat Directory Server v8.2.x o dirsrv) no gestiona correctamente las consultas paginadas simples, lo que permite ... • http://www.redhat.com/support/errata/RHSA-2011-0293.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2011-0022 – Server: insecure pid file directory permissions
https://notcve.org/view.php?id=CVE-2011-0022
23 Feb 2011 — The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. Las secuencias de comandos de configuración en 389 Directory Server v1.2.x (también conocido como Red Hat Directory Server 8.2.x)), cuando varias instancias sin p... • http://www.redhat.com/support/errata/RHSA-2011-0293.html • CWE-399: Resource Management Errors •