Novell

Edirectory

51 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2008-5092

  • EPSS 0.23%
  • Veröffentlicht 14.11.2008 19:20:54
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.

10

CVE-2008-5091

  • EPSS 0.59%
  • Veröffentlicht 14.11.2008 19:20:54
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."

10

CVE-2008-5038

  • EPSS 19.1%
  • Veröffentlicht 12.11.2008 21:09:03
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequ...

10

CVE-2008-4480

  • EPSS 26.53%
  • Veröffentlicht 14.10.2008 22:36:58
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error...

10

CVE-2008-4479

  • EPSS 31.88%
  • Veröffentlicht 14.10.2008 22:36:58
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.

10

CVE-2008-4478

  • EPSS 65.89%
  • Veröffentlicht 14.10.2008 22:36:53
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opco...

10

CVE-2008-3159

  • EPSS 15.11%
  • Veröffentlicht 14.07.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related...

10

CVE-2008-1809

  • EPSS 22.9%
  • Veröffentlicht 14.07.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters."

4.3

CVE-2008-0925

  • EPSS 1.09%
  • Veröffentlicht 18.06.2008 19:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used wi...

5

CVE-2008-1777

Exploit
  • EPSS 1.17%
  • Veröffentlicht 14.04.2008 16:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.