Edirectory

edirectory

Vendor: Novell • 51 CVEs

CVEs (51)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-9277 1Novell 1Edirectory Nov 21, 2024 Mar 2, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
CVE-2017-9267 1Novell 1Edirectory Nov 21, 2024 Mar 2, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
CVE-2017-5186 2Netiq Novell 4Edirectory EdirectoryImanager+1 more May 13, 2026 Apr 27, 2017 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing...Show more Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.Show less
CVE-2016-9168 1Novell 1Edirectory May 13, 2026 Mar 23, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.
CVE-2016-9167 1Novell 1Edirectory May 13, 2026 Mar 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtere...Show more NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.Show less
CVE-2016-5747 1Novell 1Edirectory May 13, 2026 Mar 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.
CVE-2014-5213 1Novell 1Edirectory May 6, 2026 Dec 19, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct reque...Show more nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.Show less
CVE-2014-5212 1Novell 1Edirectory May 6, 2026 Dec 19, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.
CVE-2010-4327 1Novell 1Edirectory Apr 29, 2026 Feb 10, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524.
CVE-2009-4655 1Novell 1Edirectory Apr 29, 2026 Feb 26, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
CVE-2009-4654 1Novell 1Edirectory Apr 29, 2026 Feb 26, 2010 N/A· v4 N/A· v3 9.0 HIGH· v2 Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhos...Show more Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.Show less
CVE-2009-4653 1Novell 1Edirectory Apr 29, 2026 Feb 26, 2010 N/A· v4 N/A· v3 9.0 HIGH· v2 Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long str...Show more Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.Show less
CVE-2010-0666 1Novell 1Edirectory Apr 29, 2026 Feb 19, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926.
CVE-2009-0895 1Novell 1Edirectory Apr 23, 2026 Dec 3, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a h...Show more Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.Show less
CVE-2009-3862 1Novell 1Edirectory Apr 23, 2026 Nov 4, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (app...Show more The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.Show less
CVE-2009-2457 1Novell 1Edirectory Apr 23, 2026 Jul 14, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet.
CVE-2009-2456 1Novell 1Edirectory Apr 23, 2026 Jul 14, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distingu...Show more The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN).Show less
CVE-2009-0192 1Novell 1Edirectory Apr 23, 2026 Jul 14, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language head...Show more Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.Show less
CVE-2008-5094 1Novell 1Edirectory Apr 23, 2026 Nov 14, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.
CVE-2008-5093 1Novell 1Edirectory Apr 23, 2026 Nov 14, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

12 3 Next