Edirectory

edirectory

Vendor: Novell • 51 CVEs

CVEs (51)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-4509 1Novell 1Edirectory Apr 23, 2026 Oct 24, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
CVE-2006-4186 1Novell 1Edirectory Apr 16, 2026 Aug 17, 2006 N/A· v4 N/A· v3 2.1 LOW· v2 The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.
CVE-2006-4185 1Novell 1Edirectory Apr 16, 2026 Aug 17, 2006 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.
CVE-2006-2496 1Novell 2Edirectory Imonitor Apr 16, 2026 May 20, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
CVE-2005-2551 1Novell 1Edirectory Apr 16, 2026 Aug 12, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
CVE-2005-1729 1Novell 1Edirectory Apr 16, 2026 Jun 12, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1.
CVE-2004-0112 244d AppleAvaya+21 more 65Aaa Server Access RegistrarApache Based Web Server+62 more Apr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a de...Show more The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.Show less
CVE-2004-0081 234d AppleAvaya+20 more 66Aaa Server Access RegistrarApache Based Web Server+63 more Apr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2004-0079 234d AppleAvaya+20 more 66Aaa Server Access RegistrarApache Based Web Server+63 more Apr 16, 2026 Nov 23, 2004 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2002-1552 1Novell 1Edirectory Apr 16, 2026 Mar 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.
CVE-2002-2119 1Novell 1Edirectory Apr 16, 2026 Dec 31, 2002 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.

Previous 1 23