Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH |
| Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | |||||
| CVE-2016-9168 | 1 Novell | 1 Edirectory | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. | |||||
| CVE-2016-5747 | 1 Novell | 1 Edirectory | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | |||||
| CVE-2016-9167 | 1 Novell | 1 Edirectory | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | |||||
| CVE-2014-5213 | 1 Novell | 1 Edirectory | 2025-04-12 | 4.0 MEDIUM | N/A |
| nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. | |||||
| CVE-2014-5212 | 1 Novell | 1 Edirectory | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. | |||||
| CVE-2009-4654 | 2 Microsoft, Novell | 2 Windows, Edirectory | 2025-04-11 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. | |||||
| CVE-2009-4653 | 2 Microsoft, Novell | 2 Windows, Edirectory | 2025-04-11 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. | |||||
| CVE-2010-0666 | 1 Novell | 1 Edirectory | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. | |||||
| CVE-2010-4327 | 1 Novell | 1 Edirectory | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. | |||||
| CVE-2009-4655 | 1 Novell | 1 Edirectory | 2025-04-11 | 7.5 HIGH | N/A |
| The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | |||||
| CVE-2008-3159 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." | |||||
| CVE-2006-4177 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | |||||
| CVE-2006-4510 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
| The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. | |||||
| CVE-2008-0927 | 2 Microsoft, Novell | 2 Windows-nt, Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
| dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. | |||||
| CVE-2006-5478 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services. | |||||
| CVE-2008-0925 | 1 Novell | 1 Edirectory | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." | |||||
| CVE-2006-5479 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
| The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." | |||||
| CVE-2008-5094 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. | |||||
| CVE-2008-5091 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." | |||||