Filtered by vendor Novell
Subscribe
Search
Total
679 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3179 | 1 Novell | 2 Groupwise Messenger, Messenger | 2012-03-05 | 5.0 MEDIUM | N/A |
| The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command. | |||||
| CVE-2011-2653 | 1 Novell | 1 Zenworks Asset Management | 2012-03-05 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file. | |||||
| CVE-2011-4187 | 2 Microsoft, Novell | 2 Windows, Iprint | 2012-02-24 | 10.0 HIGH | N/A |
| Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173. | |||||
| CVE-2011-4186 | 2 Microsoft, Novell | 2 Windows, Iprint | 2012-02-22 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705. | |||||
| CVE-2011-4185 | 2 Microsoft, Novell | 2 Windows, Iprint | 2012-02-22 | 10.0 HIGH | N/A |
| The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436. | |||||
| CVE-2011-1710 | 1 Novell | 1 Xtier Framework | 2012-01-02 | 7.5 HIGH | N/A |
| Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables. | |||||
| CVE-2011-4191 | 1 Novell | 1 Netware | 2011-11-30 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets. | |||||
| CVE-2011-3173 | 1 Novell | 1 Iprint Open Enterprise Server 2 | 2011-11-30 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code via a long (1) hostname or (2) port field. | |||||
| CVE-2011-2227 | 1 Novell | 2 Identity Manager Roles Based Provisioning Module, Identity Manager User Application | 2011-11-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603. | |||||
| CVE-2011-1696 | 1 Novell | 2 Identity Manager Roles Based Provisioning Module, Identity Manager User Application | 2011-11-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972. | |||||
| CVE-2011-2654 | 1 Novell | 1 Cloud Manager | 2011-10-06 | 9.3 HIGH | N/A |
| The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session. | |||||
| CVE-2010-4321 | 1 Novell | 1 Iprint Client | 2011-09-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method. | |||||
| CVE-2010-4711 | 1 Novell | 1 Groupwise | 2011-04-26 | 10.0 HIGH | N/A |
| Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command. | |||||
| CVE-2010-4712 | 1 Novell | 1 Groupwise | 2011-04-26 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data. | |||||
| CVE-2010-4713 | 1 Novell | 1 Groupwise | 2011-04-26 | 10.0 HIGH | N/A |
| Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header. | |||||
| CVE-2010-4714 | 1 Novell | 1 Groupwise | 2011-04-26 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent. | |||||
| CVE-2011-0462 | 1 Novell | 1 Opensuse Build Service | 2011-04-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-0466 | 1 Novell | 1 Opensuse Build Service | 2011-04-21 | 6.4 MEDIUM | N/A |
| The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors. | |||||
| CVE-2011-1550 | 2 Gentoo, Novell | 2 Logrotate, Opensuse Factory | 2011-04-07 | 6.3 MEDIUM | N/A |
| The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. | |||||
| CVE-2008-3488 | 1 Novell | 1 Imanager | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. | |||||
| CVE-2008-1777 | 1 Novell | 1 Edirectory | 2011-03-08 | 5.0 MEDIUM | N/A |
| The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. | |||||
| CVE-2008-0663 | 1 Novell | 2 Challenge Response Client, Novell Client For Windows | 2011-03-08 | 2.1 LOW | N/A |
| Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field. | |||||
| CVE-2008-0935 | 1 Novell | 2 Iprint, Iprint Client | 2011-03-08 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method. | |||||
| CVE-2007-5665 | 1 Novell | 1 Zenworks Endpoint Security Management | 2011-03-08 | 7.2 HIGH | N/A |
| STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory. | |||||
| CVE-2007-5767 | 1 Novell | 1 Bordermanager | 2011-03-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character. | |||||
| CVE-2007-3570 | 1 Novell | 1 Access Manager | 2011-03-08 | 7.5 HIGH | N/A |
| The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. | |||||
| CVE-2007-2475 | 1 Novell | 1 Securelogin | 2011-03-08 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes." | |||||
| CVE-2007-2476 | 1 Novell | 1 Securelogin | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes. | |||||
| CVE-2007-1309 | 1 Novell | 1 Access Manager | 2011-03-08 | 9.0 HIGH | N/A |
| Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. | |||||
| CVE-2007-1119 | 1 Novell | 1 Zenworks | 2011-03-08 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. | |||||
| CVE-2007-0110 | 1 Novell | 1 Access Manager Identity Server | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. | |||||
| CVE-2006-6761 | 1 Novell | 1 Netmail | 2011-03-08 | 6.5 MEDIUM | N/A |
| Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. | |||||
| CVE-2006-6762 | 1 Novell | 1 Netmail | 2011-03-08 | 4.0 MEDIUM | N/A |
| The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. | |||||
| CVE-2006-6443 | 1 Novell | 1 Client | 2011-03-08 | 10.0 HIGH | N/A |
| Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors. | |||||
| CVE-2006-6307 | 1 Novell | 1 Client | 2011-03-08 | 5.0 MEDIUM | N/A |
| srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. | |||||
| CVE-2006-4220 | 1 Novell | 2 Groupwise, Groupwise Webaccess | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. | |||||
| CVE-2006-1218 | 1 Novell | 1 Bordermanager | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". | |||||
| CVE-2005-3786 | 1 Novell | 3 Zenworks, Zenworks Desktops, Zenworks Servers | 2011-03-08 | 4.6 MEDIUM | N/A |
| Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. | |||||
| CVE-2005-3315 | 1 Novell | 1 Zenworks Patch Management Server | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp. | |||||
| CVE-2005-2176 | 1 Novell | 1 Netmail | 2011-03-08 | 6.4 MEDIUM | N/A |
| Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||||
| CVE-2005-1756 | 1 Novell | 1 Netmail | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. | |||||
| CVE-2005-1730 | 1 Novell | 1 Imanager | 2011-03-08 | 9.3 HIGH | N/A |
| Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | |||||
| CVE-2005-1757 | 1 Novell | 1 Netmail | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | |||||
| CVE-2005-1758 | 1 Novell | 1 Netmail | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. | |||||
| CVE-2010-4716 | 1 Novell | 1 Groupwise | 2011-02-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4717 | 1 Novell | 1 Groupwise | 2011-02-16 | 6.5 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command. | |||||
| CVE-2010-4715 | 1 Novell | 1 Groupwise | 2011-02-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4254 | 2 Mono, Novell | 2 Mono, Moonlight | 2011-02-02 | 7.5 HIGH | N/A |
| Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | |||||
| CVE-2010-2779 | 1 Novell | 1 Groupwise | 2011-01-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies." | |||||
| CVE-2010-2777 | 1 Novell | 1 Groupwise | 2011-01-31 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command. | |||||