Filtered by vendor Novell
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2223 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2010-4715 | 1 Novell | 1 Groupwise | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2011-1707 | 1 Novell | 1 Iprint | 2025-04-11 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url.
|
|||||
| CVE-2012-2313 | 3 Linux, Novell, Redhat | 8 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux and 5 more | 2025-04-11 | 1.2 LOW | N/A |
|
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
|
|||||
| CVE-2011-4191 | 1 Novell | 1 Netware | 2025-04-11 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
|
|||||
| CVE-2011-0990 | 2 Mono, Novell | 2 Mono, Moonlight | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
|
|||||
| CVE-2013-1081 | 1 Novell | 1 Zenworks Mobile Management | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
|
|||||
| CVE-2011-2225 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to have an unknown impact via a crafted directory pathname that is inserted into config.sh.
|
|||||
| CVE-2010-2351 | 1 Novell | 1 Netware | 2025-04-11 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
|
|||||
| CVE-2010-2779 | 1 Novell | 1 Groupwise | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
|
|||||
| CVE-2005-4888 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed.
|
|||||
| CVE-2011-2653 | 1 Novell | 1 Zenworks Asset Management | 2025-04-11 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
|
|||||
| CVE-2011-2661 | 1 Novell | 1 Groupwise | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
|
|||||
| CVE-2010-3109 | 1 Novell | 1 Iprint | 2025-04-11 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.
|
|||||
| CVE-2010-1929 | 1 Novell | 1 Imanager | 2025-04-11 | 9.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
|
|||||
| CVE-2011-2649 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2025-04-11 | 7.5 HIGH | N/A |
|
Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.
|
|||||
| CVE-2011-2646 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files.
|
|||||
| CVE-2013-1093 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.
|
|||||
| CVE-2010-3110 | 2 Novell, Opensuse | 2 Suse Linux, Opensuse | 2025-04-11 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2011-0466 | 1 Novell | 1 Opensuse Build Service | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.
|
|||||
| CVE-2010-4299 | 1 Novell | 1 Zenworks Handheld Management | 2025-04-11 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.
|
|||||
| CVE-2013-1080 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 10.0 HIGH | N/A |
|
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
|
|||||
| CVE-2012-0272 | 1 Novell | 1 Groupwise | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter.
|
|||||
| CVE-2010-4228 | 1 Novell | 1 Netware | 2025-04-11 | 9.0 HIGH | N/A |
|
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
|
|||||
| CVE-2012-0410 | 1 Novell | 1 Groupwise | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.
|
|||||
| CVE-2010-3106 | 1 Novell | 1 Iprint | 2025-04-11 | 9.3 HIGH | N/A |
|
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
|
|||||
| CVE-2011-1696 | 1 Novell | 2 Identity Manager Roles Based Provisioning Module, Identity Manager User Application | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
|
|||||
| CVE-2003-1594 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 7.5 HIGH | N/A |
|
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.
|
|||||
| CVE-2011-2221 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
|
|||||
| CVE-2011-2648 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a filter in a modified file.
|
|||||
| CVE-2012-0417 | 1 Novell | 1 Groupwise | 2025-04-11 | 10.0 HIGH | N/A |
|
Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2013-3567 | 4 Canonical, Novell, Puppet and 1 more | 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 3 more | 2025-04-11 | 7.5 HIGH | N/A |
|
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
|
|||||
| CVE-2010-4328 | 1 Novell | 1 Iprint Open Enterprise Server | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes.
|
|||||
| CVE-2002-2433 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.
|
|||||
| CVE-2011-0333 | 1 Novell | 1 Groupwise | 2025-04-11 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."
|
|||||
| CVE-2000-1246 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 3.5 LOW | N/A |
|
NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command.
|
|||||
| CVE-2001-1587 | 1 Novell | 1 Netware | 2025-04-11 | 5.0 MEDIUM | N/A |
|
NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.
|
|||||
| CVE-2010-1527 | 1 Novell | 1 Iprint | 2025-04-11 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.
|
|||||
| CVE-2011-1701 | 1 Novell | 1 Iprint | 2025-04-11 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.
|
|||||
| CVE-2010-4711 | 1 Novell | 1 Groupwise | 2025-04-11 | 10.0 HIGH | N/A |
|
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.
|
|||||