Vulnerabilities > Novell > Edirectory > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-23 | CVE-2016-9168 | Improper Input Validation vulnerability in Novell Edirectory A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. | 6.5 |
| 2014-12-19 | CVE-2014-5213 | Information Exposure vulnerability in Novell Edirectory 8.7.3/8.8 nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. | 4.0 |
| 2014-12-19 | CVE-2014-5212 | Cross-Site Scripting vulnerability in Novell Edirectory 8.7.3/8.8 Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. | 4.3 |
| 2011-02-10 | CVE-2010-4327 | Denial Of Service vulnerability in Novell eDirectory Server NCP Requests Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. | 5.0 |
| 2010-02-19 | CVE-2010-0666 | Unspecified vulnerability in Novell Edirectory Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. | 5.0 |
| 2009-11-04 | CVE-2009-3862 | Improper Authentication vulnerability in Novell Edirectory The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | 5.0 |
| 2009-07-14 | CVE-2009-2457 | Code Injection vulnerability in Novell Edirectory 8.8 The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. | 5.0 |
| 2009-07-14 | CVE-2009-2456 | Denial-Of-Service vulnerability in Novell Edirectory 8.8 The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . | 5.0 |
| 2009-07-14 | CVE-2009-0192 | Numeric Errors vulnerability in Novell Edirectory 8.8 Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. | 5.0 |
| 2008-11-14 | CVE-2008-5093 | Cross-Site Scripting vulnerability in Novell Edirectory Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |