Filtered by vendor Novell
Subscribe
Search
Total
542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3786 | 1 Novell | 3 Zenworks, Zenworks Desktops, Zenworks Servers | 2011-03-08 | 4.6 MEDIUM | N/A |
| Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. | |||||
| CVE-2005-3315 | 1 Novell | 1 Zenworks Patch Management Server | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp. | |||||
| CVE-2005-2176 | 1 Novell | 1 Netmail | 2011-03-08 | 6.4 MEDIUM | N/A |
| Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||||
| CVE-2005-1756 | 1 Novell | 1 Netmail | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. | |||||
| CVE-2005-1730 | 1 Novell | 1 Imanager | 2011-03-08 | 9.3 HIGH | N/A |
| Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | |||||
| CVE-2005-1758 | 1 Novell | 1 Netmail | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-1757 | 1 Novell | 1 Netmail | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | |||||
| CVE-2010-4716 | 1 Novell | 1 Groupwise | 2011-02-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4717 | 1 Novell | 1 Groupwise | 2011-02-16 | 6.5 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command. | |||||
| CVE-2010-4715 | 1 Novell | 1 Groupwise | 2011-02-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4254 | 2 Mono, Novell | 2 Mono, Moonlight | 2011-02-02 | 7.5 HIGH | N/A |
| Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | |||||
| CVE-2010-2778 | 1 Novell | 1 Groupwise | 2011-01-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit." | |||||
| CVE-2010-2779 | 1 Novell | 1 Groupwise | 2011-01-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies." | |||||
| CVE-2010-2777 | 1 Novell | 1 Groupwise | 2011-01-31 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command. | |||||
| CVE-2010-3264 | 1 Novell | 1 Identity Manager | 2010-09-09 | 2.1 LOW | N/A |
| The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2010-1507 | 1 Novell | 2 Suse Linux, Webyast Appliance | 2010-09-06 | 5.0 MEDIUM | N/A |
| WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. | |||||
| CVE-2009-3176 | 1 Novell | 1 Iprint | 2010-08-25 | 9.3 HIGH | N/A |
| Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1, "Novell iPrint Client 4.38 ActiveX exploit." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2002-2434 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-06-08 | 5.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions. | |||||
| CVE-2003-1596 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-06-08 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2003-1591 | 1 Novell | 1 Netware | 2010-06-08 | 4.3 MEDIUM | N/A |
| NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload. | |||||
| CVE-2002-2433 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-06-08 | 4.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command. | |||||
| CVE-2009-4879 | 1 Novell | 1 Access Manager | 2010-05-27 | 4.3 MEDIUM | N/A |
| The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. | |||||
| CVE-2007-6735 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2003-1595 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 10.0 HIGH | N/A |
| NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors. | |||||
| CVE-2003-1594 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2004-2767 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 4.3 MEDIUM | N/A |
| NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. | |||||
| CVE-2007-6734 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 4.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors. | |||||
| CVE-2005-4887 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords. | |||||
| CVE-2003-1592 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password. | |||||
| CVE-2005-4888 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 5.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed. | |||||
| CVE-2003-1593 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 7.5 HIGH | N/A |
| NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. | |||||
| CVE-2000-1246 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-05 | 3.5 LOW | N/A |
| NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command. | |||||
| CVE-2001-1587 | 1 Novell | 1 Netware | 2010-04-05 | 5.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command. | |||||
| CVE-2002-2432 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username. | |||||
| CVE-2000-1245 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-05 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors. | |||||
| CVE-2010-0666 | 1 Novell | 1 Edirectory | 2010-02-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. | |||||
| CVE-2009-3862 | 1 Novell | 1 Edirectory | 2009-11-05 | 5.0 MEDIUM | N/A |
| The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | |||||
| CVE-2009-2707 | 1 Novell | 1 Suse Linux Enterprise Server | 2009-09-18 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application. | |||||
| CVE-2008-6722 | 1 Novell | 1 Access Manager | 2009-04-29 | 1.9 LOW | N/A |
| Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache. | |||||
| CVE-2008-2025 | 3 Apache, Novell, Opensuse | 3 Struts, Suse Linux, Opensuse | 2009-04-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters." | |||||
| CVE-2009-0274 | 1 Novell | 1 Groupwise | 2009-02-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests. | |||||
| CVE-2008-5231 | 1 Novell | 1 Iprint | 2008-11-26 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431. | |||||
| CVE-2008-2432 | 1 Novell | 1 Iprint | 2008-11-26 | 5.0 MEDIUM | N/A |
| Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. | |||||
| CVE-2002-0530 | 1 Novell | 1 Web Search | 2008-09-10 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter. | |||||
| CVE-2001-1195 | 1 Novell | 1 Groupwise | 2008-09-10 | 7.5 HIGH | N/A |
| Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. | |||||
| CVE-2000-0669 | 1 Novell | 1 Netware | 2008-09-10 | 5.0 MEDIUM | N/A |
| Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. | |||||
| CVE-2000-0591 | 1 Novell | 1 Bordermanager | 2008-09-10 | 5.0 MEDIUM | N/A |
| Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL. | |||||
| CVE-2000-0257 | 1 Novell | 1 Netware | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. | |||||
| CVE-2000-0146 | 1 Novell | 1 Groupwise | 2008-09-10 | 5.0 MEDIUM | N/A |
| The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. | |||||
| CVE-2000-0152 | 1 Novell | 1 Bordermanager | 2008-09-10 | 5.0 MEDIUM | N/A |
| Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000. | |||||