CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9267 – eDirectory LDAP peer certificate validation issue
https://notcve.org/view.php?id=CVE-2017-9267
02 Mar 2018 — In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. En Novell eDirectory, en versiones anteriores a la 9.0.3.1, la interfaz LDAP no imponía de forma estricta las restricciones de cifrado, lo que permite que cifrados débiles se empleen durante las operaciones SSL BIND. • https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-9277 – existing connection is being used even though eDirectory LDAP server is upgraded to EBA
https://notcve.org/view.php?id=CVE-2017-9277
02 Mar 2018 — The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. El backend LDAP en Novell eDirectory, en versiones anteriores a la 9.0 SP4, al cambiar a EBA (Enhanced Background Authentication) mantenía las conexiones abiertas sin EBA. • https://bugzilla.suse.com/show_bug.cgi?id=1005473 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
27 Apr 2017 — Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. Novell iManager versión 2.7 anterior a SP7 Patch 9, Novell eDirectory 8.8.x anterior a 8.8 SP8 Patch 9 Hotfix 2, NetIQ eDirectory 9.x anterior a 9.0.2 Hotfix 2 (9.0.2.2) y NetIQ iManager 3.x anterior a 3.0.2.1 usan el algoritmo de hashing MD5 en un ... • https://bugzilla.novell.com/show_bug.cgi?id=1019041 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5747
https://notcve.org/view.php?id=CVE-2016-5747
23 Mar 2017 — A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. Una vulnerabilidad de seguridad en el manejo de cookies en la implementación http en pila en NDSD en Novell eDirectory en versiones anteriores a 9.0.1 permite a atacantes remotos eludir las restricciones destinadas al acceso aprovechando cookies predecibles. • https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9167
https://notcve.org/view.php?id=CVE-2016-9167
23 Mar 2017 — NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. NDSD en Novell eDirectory en versiones anteriores a 9.0.2 no calculó correctamente ACLs en objetos LDAP a través de límites de partición, lo que podría provocar una escalada de privilegios por la modificación de los atributos de usuario lo que podría conducir a una escalada de p... • http://www.securityfocus.com/bid/97315 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9168
https://notcve.org/view.php?id=CVE-2016-9168
23 Mar 2017 — A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. Una cabecera X-Frame-Options perdida en el NDS Utility Monitor en NDSD en Novell eDirectory en versiones anteriores a 9.0.2 podría ser utilizada por atacantes remotos para clickjacking. • http://www.securityfocus.com/bid/97320 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 1CVE-2014-5212 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
https://notcve.org/view.php?id=CVE-2014-5212
19 Dec 2014 — Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. Vulnerabilidad de XSS en nds/search/data en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro rdn. NetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vuln... • https://packetstorm.news/files/id/129670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2014-5213 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
https://notcve.org/view.php?id=CVE-2014-5213
19 Dec 2014 — nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a usuarios remotos autenticados obtener información sensible de la memoria del proceso a través de una petición directa. NetIQ eDirectory NDS iMonitor versions ... • https://packetstorm.news/files/id/129670 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2010-4327 – Novell eDirectory Malformed NCP Request Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-4327
07 Feb 2011 — Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. Vulnerabilidad no especificada en el servicio NPC en Novell eDirectory v8.8.5 anterior a v8.8.5.6 y v8.8.6 anterior a v8.8.6.2, permite a atacantes remotos provocar una denegación de servicio (cuelgue) a través de una petición FileSetLock mal formada al puerto 524. This vulnerability allows... • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-novell •
CVSS: 9.0EPSS: 6%CPEs: 2EXPL: 2CVE-2009-4653 – Novell eDirectory 8.8 - '/dhost/modules?I:' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-4653
26 Feb 2010 — Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. Desbordamiento de búfer basado en pila en el módulo dhost en Novell eDirectory v8.8 SP5 para Windows, permite a usuarios autenticados remotos a provocar una denegación de servicio (caida de dhost.exe) y posiblemente ejecutar código arbitrario a través de una cadena ... • https://www.exploit-db.com/exploits/33351 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •