Filtered by vendor Novell
Subscribe
Total
670 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | |||||
CVE-2004-2757 | 1 Novell | 1 Ichain | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | |||||
CVE-2005-2176 | 1 Novell | 1 Netmail | 2023-12-10 | 6.4 MEDIUM | N/A |
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||||
CVE-2004-2554 | 1 Novell | 1 Client Firewall | 2023-12-10 | 7.2 HIGH | N/A |
Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges. | |||||
CVE-2004-2414 | 1 Novell | 1 Netware | 2023-12-10 | 2.1 LOW | N/A |
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. | |||||
CVE-2004-2314 | 1 Novell | 1 Ichain | 2023-12-10 | 7.5 HIGH | N/A |
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. | |||||
CVE-2005-1767 | 2 Novell, Suse | 3 Linux Desktop, Open Enterprise Server, Suse Linux | 2023-12-10 | 2.1 LOW | N/A |
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception). | |||||
CVE-2005-2276 | 1 Novell | 1 Groupwise Webaccess | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag. | |||||
CVE-2005-0746 | 1 Novell | 1 Ichain | 2023-12-10 | 5.0 MEDIUM | N/A |
The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. | |||||
CVE-2005-0819 | 1 Novell | 1 Netware | 2023-12-10 | 5.0 MEDIUM | N/A |
The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. | |||||
CVE-2005-1761 | 2 Novell, Suse | 3 Linux Desktop, Open Enterprise Server, Suse Linux | 2023-12-10 | 2.1 LOW | N/A |
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. | |||||
CVE-2005-2852 | 1 Novell | 1 Netware | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm. | |||||
CVE-2006-4185 | 1 Novell | 1 Edirectory | 2023-12-10 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. | |||||
CVE-2005-1756 | 1 Novell | 1 Netmail | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. | |||||
CVE-2006-3818 | 1 Novell | 1 Groupwise Webaccess | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. | |||||
CVE-2005-1730 | 1 Novell | 1 Imanager | 2023-12-10 | 9.3 HIGH | N/A |
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | |||||
CVE-2006-2304 | 1 Novell | 1 Client | 2023-12-10 | 10.0 HIGH | N/A |
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow. | |||||
CVE-1999-1382 | 1 Novell | 1 Netware | 2023-12-10 | 7.2 HIGH | N/A |
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program. | |||||
CVE-2002-2096 | 1 Novell | 1 Netware | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||||
CVE-1999-1215 | 1 Novell | 1 Netware | 2023-12-10 | 4.6 MEDIUM | N/A |
LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. |