Filtered by vendor Novell
Subscribe
Search
Total
679 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3158 | 1 Novell | 1 Novell Client For Windows | 2017-08-08 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. | |||||
| CVE-2008-2431 | 1 Novell | 1 Iprint | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method. | |||||
| CVE-2008-1701 | 2 Apple, Novell | 2 Mac Os X, Iprint | 2017-08-08 | 5.0 MEDIUM | N/A |
| Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. | |||||
| CVE-2008-2112 | 3 Novell, Redhat, Sun | 4 Suse Linux Enterprise Server, Enterprise Linux, Ray Server Software and 1 more | 2017-08-08 | 8.5 HIGH | N/A |
| Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. | |||||
| CVE-2008-1809 | 1 Novell | 1 Edirectory | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." | |||||
| CVE-2008-1330 | 1 Novell | 1 Groupwise | 2017-08-08 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | |||||
| CVE-2007-6625 | 1 Novell | 1 Identity Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. | |||||
| CVE-2007-6701 | 2 Microsoft, Novell | 2 Windows, Client | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954. | |||||
| CVE-2008-0925 | 1 Novell | 1 Edirectory | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." | |||||
| CVE-2003-1551 | 1 Novell | 1 Groupwise | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script." | |||||
| CVE-2007-5762 | 1 Novell | 1 Netware Client | 2017-07-29 | 7.2 HIGH | N/A |
| NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. | |||||
| CVE-2007-3571 | 1 Novell | 2 Groupwise, Netware | 2017-07-29 | 4.3 MEDIUM | N/A |
| The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. | |||||
| CVE-2007-3207 | 1 Novell | 1 Client | 2017-07-29 | 7.1 HIGH | N/A |
| Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request. | |||||
| CVE-2007-3200 | 1 Novell | 1 Modular Authentication Service | 2017-07-29 | 4.9 MEDIUM | N/A |
| NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file. | |||||
| CVE-2007-2616 | 1 Novell | 1 Netmail | 2017-07-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2007-2923 | 1 Novell | 1 Extend Director | 2017-07-29 | 9.3 HIGH | N/A |
| The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands. | |||||
| CVE-2007-2954 | 1 Novell | 1 Client | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854. | |||||
| CVE-2007-2513 | 1 Novell | 1 Groupwise | 2017-07-29 | 4.3 MEDIUM | N/A |
| Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. | |||||
| CVE-2004-2734 | 1 Novell | 1 Netware | 2017-07-29 | 10.0 HIGH | N/A |
| webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | |||||
| CVE-2007-0108 | 1 Novell | 1 Client | 2017-07-29 | 6.0 MEDIUM | N/A |
| nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. | |||||
| CVE-2006-7155 | 1 Novell | 1 Bordermanager | 2017-07-29 | 7.5 HIGH | N/A |
| Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286. | |||||
| CVE-2006-6299 | 1 Novell | 1 Zenworks Asset Management | 2017-07-29 | 10.0 HIGH | N/A |
| Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. | |||||
| CVE-2004-2757 | 1 Novell | 1 Ichain | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | |||||
| CVE-2006-6450 | 1 Novell | 1 Zenworks Patch Management Server | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. | |||||
| CVE-2016-7796 | 3 Novell, Redhat, Systemd Project | 9 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 6 more | 2017-07-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | |||||
| CVE-2006-4510 | 1 Novell | 1 Edirectory | 2017-07-20 | 10.0 HIGH | N/A |
| The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. | |||||
| CVE-2006-4509 | 1 Novell | 1 Edirectory | 2017-07-20 | 10.0 HIGH | N/A |
| Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2006-4521 | 1 Novell | 1 Edirectory | 2017-07-20 | 5.0 MEDIUM | N/A |
| The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. | |||||
| CVE-2006-5286 | 1 Novell | 1 Bordermanager | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings." | |||||
| CVE-2006-5813 | 1 Novell | 1 Edirectory | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2006-5814 | 1 Novell | 1 Edirectory | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2006-4520 | 1 Novell | 1 Edirectory | 2017-07-20 | 7.8 HIGH | N/A |
| ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. | |||||
| CVE-2006-4517 | 1 Novell | 1 Imanager | 2017-07-20 | 7.8 HIGH | N/A |
| Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference. | |||||
| CVE-2006-4511 | 1 Novell | 1 Groupwise Messenger | 2017-07-20 | 5.0 MEDIUM | N/A |
| Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." | |||||
| CVE-2006-4177 | 1 Novell | 1 Edirectory | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | |||||
| CVE-2006-2185 | 1 Novell | 1 Netware | 2017-07-20 | 4.0 MEDIUM | N/A |
| PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. | |||||
| CVE-2006-1322 | 1 Novell | 2 Netware, Netware Ftp Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. | |||||
| CVE-2005-3314 | 1 Novell | 1 Netmail | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments." | |||||
| CVE-2005-2804 | 1 Novell | 1 Groupwise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key. | |||||
| CVE-2005-3655 | 1 Novell | 1 Open Enterprise Server | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | |||||
| CVE-2004-2582 | 1 Novell | 1 Ichain | 2017-07-11 | 5.0 MEDIUM | N/A |
| Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2004-2581 | 1 Novell | 1 Ichain | 2017-07-11 | 5.0 MEDIUM | N/A |
| Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string." | |||||
| CVE-2004-2580 | 1 Novell | 1 Ichain | 2017-07-11 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. | |||||
| CVE-2004-2579 | 1 Novell | 1 Ichain | 2017-07-11 | 7.5 HIGH | N/A |
| ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." | |||||
| CVE-2005-1060 | 1 Novell | 1 Netware | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. | |||||
| CVE-2004-2554 | 1 Novell | 1 Client Firewall | 2017-07-11 | 7.2 HIGH | N/A |
| Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges. | |||||
| CVE-2005-2276 | 1 Novell | 1 Groupwise Webaccess | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag. | |||||
| CVE-2005-1543 | 1 Novell | 5 Zenworks, Zenworks Desktops, Zenworks Remote Management and 2 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests. | |||||
| CVE-2005-0746 | 1 Novell | 1 Ichain | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. | |||||
| CVE-2005-0744 | 1 Novell | 1 Ichain | 2017-07-11 | 10.0 HIGH | N/A |
| The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser. | |||||