Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:novell:edirectory:8.7.1:sp1
There are 22 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2017-9277

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.

Published: March 02, 2018; 3:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-9267

In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.

Published: March 02, 2018; 3:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5747

A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.

Published: March 23, 2017; 2:59:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2010-0666

Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926.

Published: February 19, 2010; 12:30:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-5094

Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.

Published: November 14, 2008; 2:20:54 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-5093

Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Published: November 14, 2008; 2:20:54 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-5092

Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.

Published: November 14, 2008; 2:20:54 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-5091

Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."

Published: November 14, 2008; 2:20:54 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-5038

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

Published: November 12, 2008; 4:09:03 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-4478

Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.

Published: October 14, 2008; 6:36:53 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-0927

dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.

Published: April 14, 2008; 12:05:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-0924

Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.

Published: March 28, 2008; 2:44:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-0926

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.

Published: March 28, 2008; 2:44:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4520

ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.

Published: April 30, 2007; 6:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-5814

Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.

Published: November 08, 2006; 6:07:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4177

Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.

Published: October 24, 2006; 4:07:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-5478

Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.

Published: October 24, 2006; 4:07:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-5479

The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment."

Published: October 24, 2006; 4:07:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4185

Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.

Published: August 16, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Published: November 23, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM