Vulnerabilities > Novell > Edirectory > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-06-18 | CVE-2008-0925 | Cross-Site Scripting vulnerability in Novell Edirectory Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." | 4.3 |
| 2008-04-14 | CVE-2008-1777 | Resource Management Errors vulnerability in Novell Edirectory 8.8.2 The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. | 5.0 |
| 2008-04-14 | CVE-2008-0927 | Resource Management Errors vulnerability in Microsoft Windows-Nt 2000/2003 dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. | 5.0 |
| 2008-03-28 | CVE-2008-0924 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. | 6.8 |
| 2006-11-08 | CVE-2006-5813 | Denial-Of-Service vulnerability in Novell Edirectory 8.8 Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. | 5.0 |
| 2006-11-04 | CVE-2006-4521 | Denial of Service vulnerability in Novell Edirectory 8.8/8.8.1 The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. | 5.0 |
| 2006-10-24 | CVE-2006-5479 | Denial-Of-Service vulnerability in eDirectory The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." This vulnerability is addressed in the following product release: Novell, eDirectory, 8.7.3.8 FTF1 | 5.0 |
| 2006-08-17 | CVE-2006-4185 | Nessus Denial of Service vulnerability in Novell eDirectory Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. | 4.9 |
| 2005-06-12 | CVE-2005-1729 | Denial-Of-Service vulnerability in Novell Edirectory 8.7.3 Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. | 5.0 |
| 2004-11-23 | CVE-2004-0081 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | 5.0 |