This page lists publicly disclosed CVE vulnerabilities affecting novell edirectory (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-9277 | The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | [email protected] | 4.2 | 1.35% | 2018-03-02 | 2026-06-16 |
| CVE-2017-9267 | In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | [email protected] | 6.5 | 1.05% | 2018-03-02 | 2026-06-16 |
| CVE-2017-5186 | Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | [email protected] | 7.5 | 0.64% | 2017-04-27 | 2026-06-16 |
| CVE-2016-9168 | A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. | [email protected] | 6.5 | 1.47% | 2017-03-23 | 2026-06-16 |
| CVE-2016-9167 | NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | [email protected] | 7.5 | 1.24% | 2017-03-23 | 2026-06-16 |
| CVE-2016-5747 | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | [email protected] | 7.5 | 1.94% | 2017-03-23 | 2026-06-16 |
| CVE-2014-5213 | nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. | [email protected] | 4.0 | 1.97% | 2014-12-19 | 2026-06-16 |
| CVE-2014-5212 | Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. | [email protected] | 4.3 | 2.00% | 2014-12-19 | 2026-06-16 |
| CVE-2010-4327 | Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. | [email protected] | 5.0 | 2.87% | 2011-02-10 | 2026-06-16 |
| CVE-2009-4655 | The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | [email protected] | 7.5 | 49.86% | 2010-02-26 | 2026-06-16 |
| CVE-2009-4654 | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. | [email protected] | 9.0 | 6.76% | 2010-02-26 | 2026-06-16 |
| CVE-2009-4653 | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. | [email protected] | 9.0 | 12.65% | 2010-02-26 | 2026-06-16 |
| CVE-2010-0666 | Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. | [email protected] | 5.0 | 2.25% | 2010-02-19 | 2026-06-16 |
| CVE-2009-0895 | Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. | [email protected] | 10.0 | 6.82% | 2009-12-03 | 2026-06-16 |
| CVE-2009-3862 | The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | [email protected] | 5.0 | 2.31% | 2009-11-04 | 2026-06-16 |
| CVE-2009-2457 | The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. | [email protected] | 5.0 | 2.42% | 2009-07-14 | 2026-06-16 |
| CVE-2009-2456 | The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). | [email protected] | 5.0 | 2.55% | 2009-07-14 | 2026-06-16 |
| CVE-2009-0192 | Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. | [email protected] | 5.0 | 12.27% | 2009-07-14 | 2026-06-16 |
| CVE-2008-5094 | Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. | [email protected] | 10.0 | 1.72% | 2008-11-14 | 2026-06-16 |
| CVE-2008-5093 | Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | [email protected] | 4.3 | 1.19% | 2008-11-14 | 2026-06-16 |