Edirectory
by Novell
CVEs (54)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-4478 | 0.01 | — | 0.10 | Oct 14, 2008 | Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which… | |||
| CVE-2008-3159 | 0.01 | — | 0.09 | Jul 14, 2008 | Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." | |||
| CVE-2006-4510 | 0.01 | — | 0.06 | Oct 24, 2006 | The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid… | |||
| CVE-2006-4509 | 0.01 | — | 0.07 | Oct 24, 2006 | Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. | |||
| CVE-2006-2496 | 0.01 | — | 0.09 | May 20, 2006 | Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | |||
| CVE-2004-0081 | 0.01 | — | 0.07 | Nov 23, 2004 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||
| CVE-2004-0112 | 0.01 | — | 0.10 | Nov 23, 2004 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake… | |||
| CVE-2014-5213 | 0.00 | — | 0.02 | Dec 19, 2014 | nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. | |||
| CVE-2014-5212 | 0.00 | — | 0.02 | Dec 19, 2014 | Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. | |||
| CVE-2012-0430 | 0.00 | — | 0.02 | Dec 25, 2012 | Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. | |||
| CVE-2012-0428 | 0.00 | — | 0.02 | Dec 25, 2012 | Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2010-4327 | 0.00 | — | 0.03 | Feb 10, 2011 | Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. | |||
| CVE-2010-0666 | 0.00 | — | 0.02 | Feb 19, 2010 | Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. | |||
| CVE-2009-3862 | 0.00 | — | 0.02 | Nov 4, 2009 | The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN… | |||
| CVE-2009-2457 | 0.00 | — | 0.02 | Jul 14, 2009 | The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. | |||
| CVE-2009-2456 | 0.00 | — | 0.03 | Jul 14, 2009 | The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). | |||
| CVE-2008-5094 | 0.00 | — | 0.02 | Nov 14, 2008 | Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. | |||
| CVE-2008-5093 | 0.00 | — | 0.01 | Nov 14, 2008 | Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2008-5092 | 0.00 | — | 0.02 | Nov 14, 2008 | Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. | |||
| CVE-2008-5091 | 0.00 | — | 0.02 | Nov 14, 2008 | Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." |
- CVE-2008-4478Oct 14, 2008risk 0.01cvss —epss 0.10
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which…
- CVE-2008-3159Jul 14, 2008risk 0.01cvss —epss 0.09
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."
- CVE-2006-4510Oct 24, 2006risk 0.01cvss —epss 0.06
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid…
- CVE-2006-4509Oct 24, 2006risk 0.01cvss —epss 0.07
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
- CVE-2006-2496May 20, 2006risk 0.01cvss —epss 0.09
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
- CVE-2004-0081Nov 23, 2004risk 0.01cvss —epss 0.07
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
- CVE-2004-0112Nov 23, 2004risk 0.01cvss —epss 0.10
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…
- CVE-2014-5213Dec 19, 2014risk 0.00cvss —epss 0.02
nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.
- CVE-2014-5212Dec 19, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.
- CVE-2012-0430Dec 25, 2012risk 0.00cvss —epss 0.02
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
- CVE-2012-0428Dec 25, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-4327Feb 10, 2011risk 0.00cvss —epss 0.03
Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524.
- CVE-2010-0666Feb 19, 2010risk 0.00cvss —epss 0.02
Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926.
- CVE-2009-3862Nov 4, 2009risk 0.00cvss —epss 0.02
The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN…
- CVE-2009-2457Jul 14, 2009risk 0.00cvss —epss 0.02
The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet.
- CVE-2009-2456Jul 14, 2009risk 0.00cvss —epss 0.03
The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN).
- CVE-2008-5094Nov 14, 2008risk 0.00cvss —epss 0.02
Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.
- CVE-2008-5093Nov 14, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2008-5092Nov 14, 2008risk 0.00cvss —epss 0.02
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.
- CVE-2008-5091Nov 14, 2008risk 0.00cvss —epss 0.02
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."
Page 2 of 3