) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:novell:edirectory:8.8:-:*:*:*:windows:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2008-0926 |
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. Published: March 28, 2008; 2:44:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2006-4520 |
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. Published: April 30, 2007; 6:19:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
| CVE-2006-5813 |
Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. Published: November 08, 2006; 6:07:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2006-5814 |
Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. Published: November 08, 2006; 6:07:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2006-4521 |
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. Published: November 03, 2006; 7:07:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2006-4177 |
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. Published: October 24, 2006; 4:07:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2006-4509 |
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. Published: October 24, 2006; 3:07:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2006-4510 |
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. Published: October 24, 2006; 3:07:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2006-2496 |
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. Published: May 19, 2006; 11:02:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |