Vulnerabilities > Novell > Edirectory > 8.7.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-02 | CVE-2017-9277 | Unspecified vulnerability in Novell Edirectory The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | 7.5 |
| 2018-03-02 | CVE-2017-9267 | Unspecified vulnerability in Novell Edirectory In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | 7.5 |
| 2017-03-23 | CVE-2016-5747 | Improper Access Control vulnerability in Novell Edirectory A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | 7.5 |
| 2014-12-19 | CVE-2014-5213 | Information Exposure vulnerability in Novell Edirectory 8.7.3/8.8 nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. | 4.0 |
| 2014-12-19 | CVE-2014-5212 | Cross-Site Scripting vulnerability in Novell Edirectory 8.7.3/8.8 Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. | 4.3 |
| 2010-02-19 | CVE-2010-0666 | Unspecified vulnerability in Novell Edirectory Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. | 5.0 |
| 2009-12-03 | CVE-2009-0895 | Numeric Errors vulnerability in Novell Edirectory Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. | 10.0 |
| 2009-11-04 | CVE-2009-3862 | Improper Authentication vulnerability in Novell Edirectory The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | 5.0 |
| 2008-11-14 | CVE-2008-5094 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. | 10.0 |
| 2008-11-14 | CVE-2008-5093 | Cross-Site Scripting vulnerability in Novell Edirectory Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |