Vulnerabilities > Novell > Edirectory > High

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2018-03-02 | CVE-2017-9277 | Unspecified vulnerability in Novell Edirectory | The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | network | low | novell | 7.5 |
| 2018-03-02 | CVE-2017-9267 | Unspecified vulnerability in Novell Edirectory | In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | network | low | novell | 7.5 |
| 2017-04-27 | CVE-2017-5186 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | network | low | netiq novell CWE-327 | 7.5 |
| 2017-03-23 | CVE-2016-9167 | Permissions, Privileges, and Access Controls vulnerability in Novell Edirectory | NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | network | low | novell CWE-264 | 7.5 |
| 2017-03-23 | CVE-2016-5747 | Improper Access Control vulnerability in Novell Edirectory | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | network | low | novell CWE-284 | 7.5 |
| 2010-02-26 | CVE-2009-4655 | Cryptographic Issues vulnerability in Novell Edirectory 8.8.5 | The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | network | low | novell CWE-310 | 7.5 |
| 2008-03-28 | CVE-2008-0926 | Improper Authentication vulnerability in Novell Edirectory | The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. | network | low | novell CWE-287 | 7.5 |
| 2007-04-30 | CVE-2006-4520 | Denial Of Service vulnerability in Novell EDirectory NCP Fragment Length | ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. | network | low | novell | 7.8 |
| 2006-11-08 | CVE-2006-5814 | Remote Security vulnerability in eDirectory | Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. | network | low | novell | 7.5 |
| 2006-10-24 | CVE-2006-5478 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory | Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . | network | low | novell CWE-119 | 7.5 |