51 matches found
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2008-5091
CVE-2008-5091 affects Novell eDirectory’s LDAP service; a buffer overflow in the extensibleMatch filter can cause an application crash/DoS. Affected: eDirectory 8.7.3 before SP10a and 8.8 before SP3. Remediation: upgrade to SP10a (8.7.3) or SP3 (8.8) as available.
CVE-2008-5094
CVE-2008-5094: Novell eDirectory’s NDS Service on affected platforms (before 8.8 SP3) has a heap-based buffer overflow. The NVD entry notes unknown impact/attack vectors, and OpenVAS entries confirm multiple vulnerabilities in Novell eDirectory (Nov08) affecting Linux/Windows, including CVE-2008-...
CVE-2006-5478
CVE-2006-5478 describes multiple stack-based buffer overflows in Novell eDirectory, affecting 8.8.x (up to 8.8.1 FTF1) and 8.x prior, plus Novell NetMail
CVE-2008-4479
Novell eDirectory is affected by CVE-2008-4479 due to a heap-based buffer overflow in dhost.exe when processing SOAP requests with an overly long Accept-Language header. A remote attacker can execute arbitrary code with SYSTEM/root privileges on affected installations. Vulnerable versions include...
CVE-2009-4653
CVE-2009-4653: Novell eDirectory 8.8 SP5 for Windows is affected by a stack-based buffer overflow in the dhost module, allowing remote authenticated users to cause a denial of service (dhost.exe crash) and potentially execute arbitrary code via a long string to /dhost/modules?I:. The issue is co...
CVE-2006-4510
The CVE-2006-4510 issue affects Novell eDirectory’s LDAP service, specifically the evtFilteredMonitorEventsRequest function. A crafted request that provides a value larger than the number of objects transmitted triggers an invalid free of unallocated memory, enabling remote code execution. The vu...
CVE-2009-0192
Concrete details found: CVE-2009-0192 affects Novell eDirectory (iMonitor) with a stack-based buffer overflow triggered by a crafted Accept-Language HTTP header, enabling remote code execution on affected versions (notably eDirectory 8.8 SP3 and SP3 FTF3; other versions possibly impacted). Root c...
CVE-2009-2456
CVE-2009-2456 affects Novell eDirectory 8.8 before SP5. The DS/NDSD component is vulnerable to a remote denial of service via an LDAP request containing multiple dot wildcard characters in the Relative Distinguished Name (RDN), causing an nsd core dump. Documented impact is denial of service with...
CVE-2009-0895
The CVE-2009-0895 vulnerability affects Novell eDirectory 8.7.3.x (pre-8.7.3.10 ftf2) and 8.8.x (pre-8.8.5.2). It is caused by an integer overflow in processing NDS Verb 0x1 requests, leading to a heap-based buffer overflow that enables remote code execution. Public sources in the connected docum...
CVE-2009-3862
The CVE-2009-3862 issue affects Novell eDirectory's NDSD process (LDAP server) on affected branches: eDirectory 8.7.3 before 8.7.3.10 ftf2 and 8.8 before 8.8.5 ftf1. The vulnerability arises from improper handling of LDAP search requests with a NULL BaseDN, which can be exploited remotely to caus...
CVE-2008-5038
CVE-2008-5038 is a use-after-free in the NetWare Core Protocol (NCP) of Novell eDirectory. Affected: eDirectory 8.7.3 SP10 before SP10 FTF1 and 8.8 SP2 for Windows. Root cause: memory corruption caused by a sequence of Get NCP Extension Information By Name requests that cause one thread to ...
CVE-2009-2457
CVE-2009-2457 affects Novell eDirectory 8.8 before SP5, specifically the DSNDSD component. A malformed bind LDAP packet allows remote attackers to cause a denial of service (crash). The open-source/enterprise advisories in the connected documents corroborate that multiple vulnerability entries re...
CVE-2017-5186
CVE-2017-5186 affects Novell iManager and NetIQ eDirectory (versions listed in the CVE) and is due to the use of the deprecated MD5 hashing algorithm in a communications certificate. The connected SUSE entry reiterates the same affected products and patch level references. The provided sources do...
CVE-2009-4655
CVE-2009-4655 affects Novell eDirectory 8.8.5 DHOST web service, which uses a predictable session cookie that can enable session hijacking by a remote attacker. The PacketStorm/MSF and Nessus/OpenVAS entries corroborate a cookie-based hijack vector tied to DHost. Evidence notes the vulnerability ...
CVE-2006-5813
CVE-2006-5813 concerns Novell eDirectory 8.8 with a denial-of-service condition reported by a reliable researcher; the public disclosure provides no actionable technical details, and the exact root cause, affected components, vulnerable versions beyond “eDirectory 8.8,” exploits, or remediation a...
CVE-2010-0666
CVE-2010-0666 describes a DoS in Novell eDirectory’s eMBox service (8.8 SP5 Patch 2 and earlier) triggered by a crafted SOAP request, allowing remote attackers to crash the service. The vulnerability is distinct from CVE-2008-0926. Connected documents confirm DoS wording and affected versions; no...
CVE-2016-9167
Affected product: Novell eDirectory NDSD prior to 9.0.2. The issue is that ACLs on LDAP objects across partition boundaries are not calculated correctly, enabling privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. Root cause: incorrect ACL evaluation acr...
CVE-2008-5092
CVE-2008-5092 corresponds to a heap-based buffer overflow in Novell eDirectory’s HTTPSTK (HTTP protocol stack) prior to 8.8 SP3. The NVD entry notes unknown impact and attack vectors tied to the HTTP language header and HTTP content-length header. CVSS v2 base score is 10.0 (AV:N/AC:L/Au:N/C:C/I:...
CVE-2016-9168
CVE-2016-9168 affects Novell eDirectory’s NDSD (NDS Utility Monitor) prior to version 9.0.2, where a missing X-Frame-Options header could enable clickjacking by remote attackers. The vulnerability is documented across multiple feeds (NVD entry and cross-references in CNVD/OpenVAS records) and is ...
CVE-2008-5093
CVE-2008-5093 is a cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) of Novell eDirectory, affecting versions prior to 8.8 SP3. The issue allows remote injection of arbitrary web script/HTML via unknown vectors. The standard CVSS metrics indicate a network attack vecto...
CVE-2008-4478
CVE-2008-4478 affects Novell eDirectory. The vulnerability resides in dhost.exe and the SOAP/HTTP web interface, where improper parsing of the SOAP Content-Length header (and certain Core Protocol opcodes, notably 0x0F) triggers a heap-based or arithmetic overflow, enabling remote code execution....
CVE-2009-4654
CVE-2009-4654 concerns a stack-based buffer overflow in the dhost module of Novell eDirectory 8.8 SP5 for Windows. The vulnerability allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. The available document...
CVE-2002-2119
CVE-2002-2119 affects Novell eDirectory 8.6.2 and 8.7, where use of case-insensitive passwords enables remote brute-force password guessing. Root cause: password comparisons are not case-sensitive. Impact: higher risk of successful credential guessing (remote). Connected sources corroborate the a...
CVE-2008-0926
CVE-2008-0926 affects Novell eDirectory’s eMBox SOAP interface, where client-side authentication can be bypassed via requests to /SOAP URIs. This enables either read access to files or a denial of service (daemon shutdown). Affected products include eDirectory 8.7.3.9 and earlier, and 8.8.x befor...
CVE-2008-4480
Novell eDirectory’s dhost.exe contains a heap-based overflow in NetWare Core Protocol opcode 0x24 handling. An under-allocated heap buffer due to a calculation error enables remote code execution. Affected versions are eDirectory 8.x before 8.8.3 and 8.7.3 before 8.7.3.10 ftf1. The vulnerability ...
CVE-2006-2496
CVE-2006-2496 affects Novell eDirectory 8.8 (iMonitor 2.4). A stack-based buffer overflow in the iMonitor NDS Server component (HTTP/8028, HTTPS/8030) occurs while parsing long URIs, allowing remote attackers to execute arbitrary code or cause a denial of service. Exploitation does not require au...
CVE-2008-0924
The CVE-2008-0924 issue affects Novell eDirectory (Linux and possibly others) where a stack-based buffer overflow in the DoLBURPRequest path of libnldap/ndsd is triggered by a long delRequest LDAP Extended Request, likely involving a long DN. Affected versions are eDirectory 8.7.3.9 and earlier, ...
CVE-2017-9267
CVE-2017-9267 affects Micro Focus/Novell eDirectory before 9.0.3.1, where the LDAP interface does not enforce cipher restrictions, allowing weaker ciphers to be used during SSL BIND. CNVD-2018-06606 confirms the issue stems from password restrictions in the LDAP interface and notes the vulnerable...
CVE-2002-1552
Summary: CVE-2002-1552 affects Novell eDirectory (eDir) 8.6.2 and NetWare 5.1 eDir 85.x. When users with expired passwords log in via Remote Manager, they may gain inappropriate permissions. The issue is supported by multiple sources (NVD/NVDCVE and CVE records) with a CVSS v2 base score of 7.5 (...
CVE-2006-4520
CVE-2006-4520 affects Novell eDirectory’s NCP handling. Vulnerable products include eDirectory versions 8.7.3 SP9 and 8.8.x prior to 8.8.1 FTF2; the issue lies in processing NCP fragments with a negative length. Remote, unauthenticated attackers can trigger a denial of service by causing the heap...
CVE-2010-4327
Novell eDirectory (versions 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2) is affected by a DoS in the NCP service. The vulnerability stems from processing a malformed FileSetLock request on port 524, which can cause the server to hang and block authentication. Public disclosures (ZDI-11-060, Ope...
CVE-2005-2551
CVE-2005-2551 refers to a stack-based buffer overflow in Novell eDirectory 8.7.3 iMonitor on Windows. The vulnerability stems from improper boundary checking while processing long HTTP requests, enabling a remote attacker with access to iMonitor to crash the service and potentially execute arbitr...
CVE-2006-4521
CVE-2006-4521 affects Novell eDirectory (versions 8.8 and 8.8.1) via the libnmasldap.so NMAS module. The BerDecodeLoginDataRequest function does not properly increment a pointer when handling certain input, allowing a remote attacker to cause a denial of service (invalid memory access) with a cra...
CVE-2008-0925
Technical details (affected product/version, root cause, impact, or exploit information) are not publicly provided in the supplied documents. Monitor for updates on CVE-2008-0925.
CVE-2008-1777
The CVE-2008-1777 entry concerns the eDirectory Host Environment service (dhost.exe) in Novell eDirectory. Affected version shown in sources is eDirectory 8.8.2, where a remote attacker can cause a denial of service (CPU consumption) by sending a long HTTP HEAD request to TCP port 8028. Related r...
CVE-2005-1729
Affected product: Novell eDirectory 8.7.3. Vulnerability: Denial of service caused by insufficient filtering of HTTP requests that use reserved MS-DOS device names (e.g., AUX, CON, PRN, COM1, LPT1). Impact: Remote attacker can terminate the eDirectory server process; all services (including LDAP)...
CVE-2014-5213
CVE-2014-5213 affects NetIQ eDirectory NDS iMonitor in the 8.8 SP7/SP8 line. The vulnerability is a memory-disclosure issue: an authenticated administrator or user can request memory content from the iMonitor service, potentially leaking sensitive data. Exploitation required an authenticated sess...
CVE-2006-4186
The CVE-2006-4186 entry pertains to Novell eDirectory 8.7.3.8 where the iManager in eMBoxClient.jar writes passwords in plaintext to a log file. This creates a local information disclosure risk: local users can read the log file to obtain passwords. The affected component is the iManager inside e...
CVE-2006-5814
Technical details for CVE-2006-5814 are not publicly available in the provided documents. No concrete information on affected versions, root cause, or remediation is present. Monitor for updates.
CVE-2016-5747
The CVE-2016-5747 entry concerns Novell eDirectory’s NDSD HTTP stack cookie handling, where predictable cookies enable remote bypass of access restrictions prior to version 9.0.1. Multiple sources (NVD, CNVD, OpenVAS) confirm the vulnerability in the cookie-based auth flow, affecting eDirectory b...
CVE-2006-4185
CVE-2006-4185 affects Novell eDirectory 8.7.3.8, specifically the NCPENGINE component. A vulnerability in NCPENGINE allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated by a Nessus scan. The available documents do not specify the root cau...
CVE-2008-1809
CVE-2008-1809 affects Novell eDirectory: a heap-based buffer overflow in the LDAP service allows remote, unauthenticated attackers to execute arbitrary code via an LDAP search request containing a NULL search parameter. Vulnerable versions are eDirectory 8.7.3 prior to 8.7.3.10b and 8.8 prior to ...
CVE-2014-5212
CVE-2014-5212 is a reflected cross-site scripting (XSS) vulnerability in NetIQ/Novell eDirectory iMonitor (nds/search/data) that allows an attacker to inject scripts via the rdn parameter. Affected product: eDirectory NDS iMonitor before 8.8 SP8 Patch 4. Root cause: input validation error when pa...
CVE-2006-4177
CVE-2006-4177 affects Novell eDirectory’s NCP engine. The issue is a heap-based buffer overflow triggered by a crafted NCP over IP packet, causing NCP to read more data than intended and allowing remote code execution. Affected software is Novell eDirectory prior to 8.8.1 FTF1; the vendor’s remed...
CVE-2006-4509
CVE-2006-4509: A heap/integer overflow in the evtFilteredMonitorEventsRequest handler of the Novell eDirectory LDAP service (before 8.8.1 FTF1) can be triggered by crafted input, potentially allowing remote code execution. Public advisories describe the overflow during memory allocation (multipli...
CVE-2006-5479
CVE-2006-5479 affects Novell eDirectory’s NCP Engine prior to 8.7.3.8 FTF1, where the NCP Fragment handling is vulnerable. This allows remote attackers to trigger a denial-of-service condition. The available documents state the impact as an unspecified DoS and do not provide exploit det...
CVE-2017-9277
CVE-2017-9277 concerns the LDAP backend of Novell eDirectory prior to version 9.0 SP4. The issue arises when the LDAP backend is switched to Enhanced Background Authentication (EBA): it kept open connections without EBA. The provided documents explicitly describe the affected product/version and ...