Product
Novell eDirectory
70 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2019-25675
<= 1.0
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentica
8.2
HIGH
CVE-2021-38133
< 9.2.6.0000
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all versio
7.4
HIGH
CVE-2021-38132
< 9.2.6.0000
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all versio
5.3
MEDIUM
CVE-2021-38131
< 9.2.5.0000
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.
5.4
MEDIUM
CVE-2021-22533
< 9.2.4.0000
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirecto
6.5
MEDIUM
CVE-2021-22532
< 9.2.4.0000
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.
7.6
HIGH
CVE-2021-22503
< 9.2.3.0000
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText
5.4
MEDIUM
CVE-2018-17952
< 9.1.2
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
6.1
MEDIUM
CVE-2018-17950
<= 9.1
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
7.5
HIGH
CVE-2018-7692
<= 9.1.1
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.
6.1
MEDIUM
CVE-2018-7686
<= 9.1.1
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
7.5
HIGH
CVE-2018-12461
all versions
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
3.5
LOW
CVE-2018-1346
< 9.1
Addresses denial of service attack to eDirectory versions prior to 9.1.
3.1
LOW
CVE-2017-9285
<= 9.0
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDire
5.4
MEDIUM
CVE-2017-9277
<= 9.0
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connectio
4.2
MEDIUM
CVE-2017-9267
< 9.0.3.1
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to b
6.5
MEDIUM
CVE-2017-7429
<= 8.8.8
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which coul
8.8
HIGH
CVE-2017-5186
<= 8.8
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2
7.5
HIGH
CVE-2016-9168
<= 9.0.1
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote atta
6.5
MEDIUM
CVE-2016-9167
<= 9.0.1
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could l
7.5
HIGH
CVE-2016-5747
<= 9.0
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remo
7.5
HIGH
CVE-2014-5213
<= 8.8
nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote
CVE-2014-5212
<= 8.8
Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote
CVE-2012-0432
all versions
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to
CVE-2012-0430
all versions
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers
CVE-2012-0429
all versions
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause
CVE-2012-0428
all versions
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attac
CVE-2010-4327
all versions
Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote atta
CVE-2009-4655
all versions
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to
CVE-2009-4654
all versions
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to exec
CVE-2009-4653
all versions
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to caus
CVE-2010-0666
<= 8.7.3.10
Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of s
CVE-2009-0895
all versions
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arb
CVE-2009-3862
all versions
The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle cer
CVE-2009-2457
all versions
The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malfo
CVE-2009-2456
all versions
The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) vi
CVE-2009-0192
all versions
Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote a
CVE-2008-5094
all versions
Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.
CVE-2008-5093
all versions
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote at
CVE-2008-5092
<= 8.8
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vecto
CVE-2008-5091
<= 8.8
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial
CVE-2008-5038
< 8.7.3
Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and
9.8
CRITICAL
CVE-2008-4480
>= 8.7.3 and < 8.7.3.10
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attac
CVE-2008-4479
>= 8.7.3 and < 8.7.3.10
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attac
CVE-2008-4478
<= 8.7.3.10
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attacke
CVE-2008-3159
all versions
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allow
CVE-2008-1809
all versions
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to exec
CVE-2008-0925
all versions
Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x befor
CVE-2008-1777
all versions
The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of servic
CVE-2008-0926
<= 8.7.3.10
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side aut
CVE-2008-0924
>= 8.7 and <= 8.7.3.9
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1
CVE-2006-4520
<= 8.7.3.8
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative len
CVE-2006-5814
all versions
Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm,
CVE-2006-5813
all versions
Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm
CVE-2006-4521
all versions
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Se
CVE-2006-5479
<= 8.7.3.8
The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a ce
CVE-2006-5478
all versions
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail befo
CVE-2006-4177
<= 8.8.1
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary c
CVE-2006-4510
all versions
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to
CVE-2006-4509
all versions
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows
CVE-2006-4186
all versions
The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users
CVE-2006-4185
all versions
Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consu
CVE-2006-2496
all versions
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash)
CVE-2005-2551
all versions
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (cra
CVE-2005-1729
all versions
Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS de
CVE-2004-0112
all versions
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the
CVE-2004-0081
all versions
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of ser
CVE-2004-0079
all versions
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of
7.5
HIGH
CVE-2002-1552
all versions
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions whe
CVE-2002-2119
all versions
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force
9.8
CRITICAL
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin