Filtered by vendor Novell
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2432 | 1 Novell | 1 Iprint | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.
|
|||||
| CVE-2009-3863 | 1 Novell | 1 Groupwise | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.
|
|||||
| CVE-2009-0115 | 8 Avaya, Christophe.varoqui, Debian and 5 more | 11 Intuity Audix Lx, Message Networking, Messaging Storage Server and 8 more | 2025-04-09 | 7.2 HIGH | 7.8 HIGH |
|
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
|
|||||
| CVE-2007-3571 | 1 Novell | 2 Groupwise, Netware | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
|
|||||
| CVE-2008-0525 | 3 Lumension Security, Novell, Unix | 3 Patchlink Update, Zenworks Patch Management Update Agent, Unix | 2025-04-09 | 4.6 MEDIUM | N/A |
|
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
|
|||||
| CVE-2009-2848 | 8 Canonical, Fedoraproject, Linux and 5 more | 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more | 2025-04-09 | 5.9 MEDIUM | N/A |
|
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
|
|||||
| CVE-2008-3159 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."
|
|||||
| CVE-2009-1636 | 1 Novell | 1 Groupwise | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.
|
|||||
| CVE-2008-2703 | 1 Novell | 1 Groupwise Messenger | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
|
|||||
| CVE-2008-0927 | 2 Microsoft, Novell | 2 Windows-nt, Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
|
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
|
|||||
| CVE-2008-1809 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters."
|
|||||
| CVE-2008-3488 | 1 Novell | 1 Imanager | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.
|
|||||
| CVE-2009-0895 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.
|
|||||
| CVE-2007-5767 | 1 Novell | 1 Bordermanager | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character.
|
|||||
| CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2025-04-09 | 7.2 HIGH | N/A |
|
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
|
|||||
| CVE-2008-1701 | 2 Apple, Novell | 2 Mac Os X, Iprint | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request.
|
|||||
| CVE-2008-2436 | 1 Novell | 1 Iprint Client | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.
|
|||||
| CVE-2006-5286 | 1 Novell | 1 Bordermanager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings."
|
|||||
| CVE-2007-3207 | 1 Novell | 1 Client | 2025-04-09 | 7.1 HIGH | N/A |
|
Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request.
|
|||||
| CVE-2007-0108 | 1 Novell | 1 Client | 2025-04-09 | 6.0 MEDIUM | N/A |
|
nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.
|
|||||
| CVE-2007-6302 | 1 Novell | 1 Netmail | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162."
|
|||||
| CVE-2008-5093 | 1 Novell | 1 Edirectory | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2008-5091 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."
|
|||||
| CVE-2008-2069 | 1 Novell | 1 Groupwise | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
|
|||||
| CVE-2009-1568 | 1 Novell | 1 Iprint Client | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.
|
|||||
| CVE-2006-6762 | 1 Novell | 1 Netmail | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
|
|||||
| CVE-2009-0611 | 1 Novell | 1 Open Enterprise Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
|
|||||
| CVE-2008-2704 | 1 Novell | 1 Groupwise Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries.
|
|||||
| CVE-2006-4510 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
|
|||||
| CVE-2009-1634 | 1 Novell | 1 Groupwise | 2025-04-09 | 7.5 HIGH | N/A |
|
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
|
|||||
| CVE-2007-3200 | 1 Novell | 1 Modular Authentication Service | 2025-04-09 | 4.9 MEDIUM | N/A |
|
NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.
|
|||||
| CVE-2007-5665 | 1 Novell | 1 Zenworks Endpoint Security Management | 2025-04-09 | 7.2 HIGH | N/A |
|
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.
|
|||||
| CVE-2007-5702 | 1 Novell | 1 Opensuse Swamp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6424 | 1 Novell | 1 Netmail | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
|
|||||
| CVE-2007-2476 | 1 Novell | 1 Securelogin | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes.
|
|||||
| CVE-2008-5696 | 1 Novell | 1 Netware | 2025-04-09 | 9.3 HIGH | N/A |
|
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
|
|||||
| CVE-2009-3176 | 1 Novell | 1 Iprint | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1, "Novell iPrint Client 4.38 ActiveX exploit." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tra ...
Show More |
|||||
| CVE-2006-5479 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment."
|
|||||
| CVE-2007-5762 | 1 Novell | 1 Netware Client | 2025-04-09 | 7.2 HIGH | N/A |
|
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
|
|||||
| CVE-2006-4520 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.8 HIGH | N/A |
|
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.
|
|||||