Search Results (52 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4509 1 Novell 1 Edirectory 2026-04-23 N/A
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
CVE-2006-4510 1 Novell 1 Edirectory 2026-04-23 N/A
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
CVE-2006-4520 1 Novell 1 Edirectory 2026-04-23 N/A
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.
CVE-2006-4521 1 Novell 1 Edirectory 2026-04-23 N/A
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.
CVE-2008-4479 1 Novell 1 Edirectory 2026-04-23 N/A
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.
CVE-2008-4480 1 Novell 1 Edirectory 2026-04-23 N/A
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.
CVE-2008-5038 1 Novell 1 Edirectory 2026-04-23 9.8 Critical
Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
CVE-2008-5091 1 Novell 1 Edirectory 2026-04-23 N/A
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."
CVE-2008-5092 1 Novell 1 Edirectory 2026-04-23 N/A
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.
CVE-2002-1552 1 Novell 1 Edirectory 2026-04-16 N/A
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.
CVE-2006-2496 1 Novell 2 Edirectory, Imonitor 2026-04-16 N/A
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
CVE-2005-2551 1 Novell 1 Edirectory 2026-04-16 N/A
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
CVE-2006-4185 1 Novell 1 Edirectory 2026-04-16 N/A
Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.
CVE-2006-4186 1 Novell 1 Edirectory 2026-04-16 N/A
The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.
CVE-2002-2119 1 Novell 1 Edirectory 2026-04-16 9.8 Critical
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.
CVE-2005-1729 1 Novell 1 Edirectory 2026-04-16 N/A
Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 67 Webstar, Mac Os X, Mac Os X Server and 64 more 2026-04-16 7.5 High
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2004-0081 23 4d, Apple, Avaya and 20 more 67 Webstar, Mac Os X, Mac Os X Server and 64 more 2026-04-16 N/A
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2026-04-16 N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2016-5747 1 Novell 1 Edirectory 2025-04-20 N/A
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.