Filtered by vendor Novell
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1040 | 1 Novell | 1 Linux Desktop | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."
|
|||||
| CVE-2005-0797 | 1 Novell | 1 Ichain | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
|
|||||
| CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
|
|||||
| CVE-2001-0486 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.
|
|||||
| CVE-2006-2304 | 1 Novell | 1 Client | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow.
|
|||||
| CVE-2002-0782 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.
|
|||||
| CVE-2006-0999 | 1 Novell | 2 Netware, Open Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
|
|||||
| CVE-2004-2103 | 1 Novell | 1 Netware | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename.
|
|||||
| CVE-2002-1634 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.
|
|||||
| CVE-1999-0470 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
|
|||||
| CVE-1999-1020 | 1 Novell | 1 Netware | 2025-04-03 | 7.5 HIGH | N/A |
|
The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.
|
|||||
| CVE-1999-0929 | 1 Novell | 2 Http Server, Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.
|
|||||
| CVE-1999-1320 | 1 Novell | 1 Netware | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
|
|||||
| CVE-2004-2579 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A |
|
ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."
|
|||||
| CVE-2005-4791 | 1 Novell | 1 Suse Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
|
|||||
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
|
|||||
| CVE-1999-1081 | 1 Novell | 1 Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.
|
|||||
| CVE-2002-1283 | 1 Novell | 1 Emframe | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute.
|
|||||
| CVE-2003-0639 | 1 Novell | 1 Ichain | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.
|
|||||
| CVE-2004-2734 | 1 Novell | 1 Netware | 2025-04-03 | 10.0 HIGH | N/A |
|
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
|
|||||
| CVE-2004-1457 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite.
|
|||||
| CVE-2006-2185 | 1 Novell | 1 Netware | 2025-04-03 | 4.0 MEDIUM | N/A |
|
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.
|
|||||
| CVE-2002-1413 | 1 Novell | 1 Netware | 2025-04-03 | 7.5 HIGH | N/A |
|
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
|
|||||
| CVE-1999-1086 | 1 Novell | 1 Netware | 2025-04-03 | 10.0 HIGH | N/A |
|
Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
|
|||||
| CVE-2004-2314 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A |
|
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.
|
|||||
| CVE-2002-1754 | 1 Novell | 1 Netware Client | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.
|
|||||
| CVE-2004-2757 | 1 Novell | 1 Ichain | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter.
|
|||||
| CVE-2006-4186 | 1 Novell | 1 Edirectory | 2025-04-03 | 2.1 LOW | N/A |
|
The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.
|
|||||
| CVE-2004-2554 | 1 Novell | 1 Client Firewall | 2025-04-03 | 7.2 HIGH | N/A |
|
Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges.
|
|||||
| CVE-2002-0929 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests.
|
|||||
| CVE-2005-1763 | 2 Novell, Suse | 2 Linux Desktop, Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
|
|||||
| CVE-2000-0600 | 2 Netscape, Novell | 2 Enterprise Server, Netware | 2025-04-03 | 7.5 HIGH | N/A |
|
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
|
|||||
| CVE-2005-1060 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets.
|
|||||
| CVE-2004-2414 | 1 Novell | 1 Netware | 2025-04-03 | 2.1 LOW | N/A |
|
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
|
|||||
| CVE-2005-2176 | 1 Novell | 1 Netmail | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
|
|||||
| CVE-2005-2551 | 1 Novell | 1 Edirectory | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
|
|||||
| CVE-2001-1233 | 1 Novell | 2 Groupwise Webaccess, Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
|
|||||
| CVE-2005-1543 | 1 Novell | 5 Zenworks, Zenworks Desktops, Zenworks Remote Management and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests.
|
|||||
| CVE-2002-2083 | 1 Novell | 1 Netware | 2025-04-03 | 2.1 LOW | N/A |
|
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
|
|||||
| CVE-2006-3425 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2025-04-03 | 7.5 HIGH | N/A |
|
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
|
|||||