Vulnerabilities > Novell > Edirectory > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-14 | CVE-2008-1809 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory 8.7.3/8.8 Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." | 10.0 |
2008-07-14 | CVE-2008-3159 | Numeric Errors vulnerability in Novell Edirectory 8.7.3/8.8 Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." | 10.0 |
2006-10-24 | CVE-2006-4509 | Multiple vulnerability in Novell Edirectory 8.8/8.8.1 Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. | 10.0 |
2006-10-24 | CVE-2006-4510 | Multiple vulnerability in Novell Edirectory 8.8/8.8.1 The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. | 10.0 |
2006-05-20 | CVE-2006-2496 | Buffer Overflow vulnerability in Novell Edirectory and Imonitor Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | 10.0 |
2002-12-31 | CVE-2002-2119 | Improper Handling of Case Sensitivity vulnerability in Novell Edirectory 8.6.2/8.7 Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | 9.8 |