Novell Edirectory
13 CVEs affecting Novell Edirectory. Latest disclosed: 2018-03-02. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-5186 | High | 7.5 | 2017-04-27 | Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x be… |
CVE-2016-9167 | High | 7.5 | 2017-03-23 | NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation… |
CVE-2016-5747 | High | 7.5 | 2017-03-23 | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intend… |
CVE-2017-9267 | Medium | 6.5 | 2018-03-02 | In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operat… |
CVE-2016-9168 | Medium | 6.5 | 2017-03-23 | A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. |
CVE-2017-9277 | Medium | 4.2 | 2018-03-02 | The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. |
CVE-2014-5213 | | 2014-12-19 | nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain… | |
CVE-2014-5212 | | 2014-12-19 | Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary… | |
CVE-2010-4327 | | 2011-02-10 | Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of se… | |
CVE-2009-4655 | | 2010-02-26 | The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modifie… | |
CVE-2009-4654 | | 2010-02-26 | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long s… | |
CVE-2009-4653 | | 2010-02-26 | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost… | |
CVE-2010-0666 | | 2010-02-19 | Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a… |