
CVSS: 8.8 • EPSS: 0% • CPEs: 42 • EXPL: 0

03 Jul 2012 — 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-310: Cryptographic Issues

CVSS: 6.5 • EPSS: 0% • CPEs: 42 • EXPL: 0

03 Jul 2012 — 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-310: Cryptographic Issues

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

23 Feb 2011 — slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. • http://www.redhat.com/support/errata/RHSA-2011-0293.html • CWE-20: Improper Input Validation

CVSS: 5.5 • EPSS: 0% • CPEs: 24 • EXPL: 0

23 Feb 2011 — The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. • http://www.redhat.com/support/errata/RHSA-2011-0293.html • CWE-399: Resource Management Errors

CVSS: 7.5 • EPSS: 0% • CPEs: 21 • EXPL: 0

23 Feb 2011 — slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 24 • EXPL: 0

23 Feb 2011 — The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. • http://www.redhat.com/support/errata/RHSA-2011-0293.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 19 • EXPL: 0

23 Feb 2011 — Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-399: Resource Management Errors