A vulnerability was found in the 389 Directory Server that allows expired passwords to be used to access the database, resulting in improper authentication.
Max CVSS: 6.5 | EPSS Score: 0.14% | Published: 2022-03-23 | Updated: 2023-04-24

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2021-05-28 | Updated: 2023-04-24

When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. An unauthenticated attacker can use this to check whether an entry exists in the LDAP database.
Max CVSS: 5.3 | EPSS Score: 0.11% | Published: 2021-03-26 | Updated: 2022-08-05

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
Max CVSS: 6.5 | EPSS Score: 3.44% | Published: 2018-09-11 | Updated: 2019-10-09

The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2019-11-05 | Updated: 2019-11-08

5 vulnerabilities found