Novell » Edirectory » 8.8.5 ftf1 : Security Vulnerabilities, CVEs,
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
Max CVSS
7.5
EPSS Score
0.18%
Published
2018-03-02
Updated
2019-10-09
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
Max CVSS
7.5
EPSS Score
0.23%
Published
2018-03-02
Updated
2019-10-09
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.
Max CVSS
7.5
EPSS Score
0.47%
Published
2017-03-23
Updated
2017-03-27
Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524.
Max CVSS
5.0
EPSS Score
12.35%
Published
2011-02-10
Updated
2018-10-10
CVE-2009-4655
Public exploit
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
Max CVSS
7.5
EPSS Score
6.74%
Published
2010-02-26
Updated
2017-08-17
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
61.35%
Published
2009-12-03
Updated
2017-08-17
6 vulnerabilities found