14 matches found
CVE-2026-11793
A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...
RHEL 8 : redhat-ds:11 (RHSA-2026:5568)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5568 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) serve...
Oracle Linux 8 : 389-ds:1.4 (ELSA-2026-5513)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5513 advisory. - Resolves: RHEL-137074 - CVE-2025-14905 389-ds:1.4/389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow rhel-8.10.z...
RHEL 9 : 389-ds-base (RHSA-2026:3189)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3189 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server an...
MiracleLinux 7 : 389-ds-base-1.3.6.1-19.el7 (AXSA:2017-2225:06)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2225:06 advisory. A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continu...
MiracleLinux 4 : 389-ds-base-1.2.11.15-11.AXS4 (AXSA:2013-134:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-134:01 advisory. 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Security...
Linux Distros Unpatched Vulnerability : CVE-2017-2668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote...
CVE-2007-6743
Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that trigger recursive filterfree calls...
The vulnerability of the IBM Security Directory Server software lies in the lack of encryption for confidential data, which allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the IBM Security Directory Server data storage and management software is related to the lack of encryption for confidential data. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
389-ds-base: expired password was still allowed to access the database
A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication...
CVE-2019-4549
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951...
389-ds-base: ACI readable by anonymous user
It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information...
CVE-2013-4485
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request...
CVE-2013-2219
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute...