CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17950
https://notcve.org/view.php?id=CVE-2018-17950
12 Dec 2018 — Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 Aplicación incorrecta de las comprobaciones de autorización en eDirectory en versiones anteriores a la 9.1 SP2. • https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17952
https://notcve.org/view.php?id=CVE-2018-17952
12 Dec 2018 — Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 Vulnerabilidad Cross-Site Scripting (XSS) en eDirectory en versiones anteriores a la 9.1 SP2. • https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7686 – Novell NetIQ Access Manager dhost Service Shared Memory Section Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-7686
09 Aug 2018 — Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. Vulnerabilidad de fuga de información en NetIQ eDirectory en versiones anteriores a la 9.1.1 HF1 debido al uso de memoria compartida. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci... • https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7692
https://notcve.org/view.php?id=CVE-2018-7692
09 Aug 2018 — Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. Vulnerabilidad de redirección no validada en NetIQ eDirectory en versiones anteriores a la 9.1.1 HF1. • https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1346 – NetIQ eDirectory Denial of Service
https://notcve.org/view.php?id=CVE-2018-1346
21 Mar 2018 — Addresses denial of service attack to eDirectory versions prior to 9.1. Se trata de un ataque de denegación de servicio (DoS) en eDirectory, en versiones anteriores a la 9.1. • http://www.securityfocus.com/bid/103493 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9267 – eDirectory LDAP peer certificate validation issue
https://notcve.org/view.php?id=CVE-2017-9267
02 Mar 2018 — In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. En Novell eDirectory, en versiones anteriores a la 9.0.3.1, la interfaz LDAP no imponía de forma estricta las restricciones de cifrado, lo que permite que cifrados débiles se empleen durante las operaciones SSL BIND. • https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
27 Apr 2017 — Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. Novell iManager versión 2.7 anterior a SP7 Patch 9, Novell eDirectory 8.8.x anterior a 8.8 SP8 Patch 9 Hotfix 2, NetIQ eDirectory 9.x anterior a 9.0.2 Hotfix 2 (9.0.2.2) y NetIQ iManager 3.x anterior a 3.0.2.1 usan el algoritmo de hashing MD5 en un ... • https://bugzilla.novell.com/show_bug.cgi?id=1019041 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 10.0EPSS: 0%CPEs: 43EXPL: 0CVE-2008-5092
https://notcve.org/view.php?id=CVE-2008-5092
14 Nov 2008 — Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. Desbordamiento de búfer basado en montículo en la pila del protocolo HTTP en Novell eDirectory (HTTPSTK) versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos relaciona a (1) cabeceras del lenguaje HTTP y (2) cabeceras "content-length" HTTP. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1552
https://notcve.org/view.php?id=CVE-2002-1552
31 Mar 2003 — Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. • http://marc.info/?l=bugtraq&m=103712498905027&w=2 •