Filtered by vendor Novell
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1247 | 1 Novell | 1 Nsure Audit | 2025-04-03 | 5.0 MEDIUM | N/A |
|
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.
|
|||||
| CVE-2003-1551 | 1 Novell | 1 Groupwise | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
|
|||||
| CVE-2003-1150 | 1 Novell | 2 Netware, Zenworks Desktops | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
|
|||||
| CVE-2002-0930 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command.
|
|||||
| CVE-2005-1761 | 2 Novell, Suse | 3 Linux Desktop, Open Enterprise Server, Suse Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
|
|||||
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
|
|||||
| CVE-2005-2804 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.
|
|||||
| CVE-2006-1218 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1".
|
|||||
| CVE-2006-0736 | 1 Novell | 2 Linux Desktop, Open Enterprise Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2004-2582 | 1 Novell | 1 Ichain | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2005-0819 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.
|
|||||
| CVE-2003-0636 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A |
|
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
|
|||||
| CVE-2006-3817 | 1 Novell | 1 Groupwise Webaccess | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
|
|||||
| CVE-2005-0746 | 1 Novell | 1 Ichain | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command.
|
|||||
| CVE-2006-3426 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
|
|||||
| CVE-1999-0175 | 1 Novell | 1 Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.
|
|||||
| CVE-1999-0805 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.
|
|||||
| CVE-2002-1002 | 1 Novell | 1 Emframe | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name.
|
|||||
| CVE-2006-4185 | 1 Novell | 1 Edirectory | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.
|
|||||
| CVE-2006-3818 | 1 Novell | 1 Groupwise Webaccess | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.
|
|||||
| CVE-2000-0152 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.
|
|||||
| CVE-2003-0562 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.
|
|||||
| CVE-2005-3321 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
|
|||||
| CVE-2021-25252 | 7 Apple, Emc, Linux and 4 more | 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
|
|||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
|
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
|
|||||
| CVE-2019-9811 | 4 Debian, Mozilla, Novell and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
|
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
|
|||||
| CVE-2019-13730 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-11338 | 4 Canonical, Debian, Ffmpeg and 1 more | 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
|
|||||
| CVE-2017-9277 | 1 Novell | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 4.2 MEDIUM |
|
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
|
|||||
| CVE-2017-9267 | 1 Novell | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
|
|||||
| CVE-2015-6815 | 7 Arista, Canonical, Fedoraproject and 4 more | 11 Eos, Ubuntu Linux, Fedora and 8 more | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
|
|||||
| CVE-2013-4357 | 5 Canonical, Debian, Eglibc and 2 more | 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
|
|||||
| CVE-2013-2016 | 3 Debian, Novell, Qemu | 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
|
|||||
| CVE-2012-6345 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.
|
|||||
| CVE-2012-6344 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
|
|||||