Netware
by Novell
CVEs (75)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0524 | Med | 0.29 | 4.0 | 0.32 | Aug 1, 1997 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||
| CVE-2005-2852 | 0.06 | — | 0.40 | Sep 8, 2005 | Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm. | |||
| CVE-2011-4191 | 0.04 | — | 0.10 | Nov 30, 2011 | Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets. | |||
| CVE-2010-4228 | 0.04 | — | 0.15 | Mar 22, 2011 | Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4. | |||
| CVE-2010-4227 | 0.04 | — | 0.17 | Feb 25, 2011 | The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow. | |||
| CVE-2010-2351 | 0.04 | — | 0.16 | Jun 21, 2010 | Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName. | |||
| CVE-2010-0317 | 0.04 | — | 0.10 | Jan 15, 2010 | Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent… | |||
| CVE-2004-2104 | 0.04 | — | 0.12 | Dec 31, 2004 | Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. | |||
| CVE-2003-0562 | 0.04 | — | 0.14 | Aug 27, 2003 | Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string. | |||
| CVE-2002-1436 | 0.04 | — | 0.07 | Apr 11, 2003 | The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request. | |||
| CVE-2002-1634 | 0.04 | — | 0.17 | Dec 31, 2002 | Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl. | |||
| CVE-1999-1020 | 0.04 | — | 0.07 | Sep 18, 1998 | The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE. | |||
| CVE-2000-0669 | 0.03 | — | 0.03 | Jul 11, 2000 | Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. | |||
| CVE-2000-0257 | 0.03 | — | 0.03 | Apr 19, 2000 | Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. | |||
| CVE-1999-0470 | 0.03 | — | 0.03 | Apr 9, 1999 | A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. | |||
| CVE-2009-5153 | 0.01 | — | 0.06 | Nov 21, 2018 | In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | |||
| CVE-2002-1417 | 0.01 | — | 0.17 | Apr 11, 2003 | Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the… | |||
| CVE-2002-1437 | 0.01 | — | 0.17 | Apr 11, 2003 | Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences. | |||
| CVE-2010-0625 | 0.00 | — | 0.05 | Apr 5, 2010 | Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE… | |||
| CVE-2007-6735 | 0.00 | — | 0.02 | Apr 5, 2010 | NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. |
- risk 0.29cvss 4.0epss 0.32
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
- CVE-2005-2852Sep 8, 2005risk 0.06cvss —epss 0.40
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
- CVE-2011-4191Nov 30, 2011risk 0.04cvss —epss 0.10
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
- CVE-2010-4228Mar 22, 2011risk 0.04cvss —epss 0.15
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
- CVE-2010-4227Feb 25, 2011risk 0.04cvss —epss 0.17
The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.
- CVE-2010-2351Jun 21, 2010risk 0.04cvss —epss 0.16
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
- CVE-2010-0317Jan 15, 2010risk 0.04cvss —epss 0.10
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent…
- CVE-2004-2104Dec 31, 2004risk 0.04cvss —epss 0.12
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.
- CVE-2003-0562Aug 27, 2003risk 0.04cvss —epss 0.14
Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.
- CVE-2002-1436Apr 11, 2003risk 0.04cvss —epss 0.07
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
- CVE-2002-1634Dec 31, 2002risk 0.04cvss —epss 0.17
Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.
- CVE-1999-1020Sep 18, 1998risk 0.04cvss —epss 0.07
The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.
- CVE-2000-0669Jul 11, 2000risk 0.03cvss —epss 0.03
Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.
- CVE-2000-0257Apr 19, 2000risk 0.03cvss —epss 0.03
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
- CVE-1999-0470Apr 9, 1999risk 0.03cvss —epss 0.03
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
- CVE-2009-5153Nov 21, 2018risk 0.01cvss —epss 0.06
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.
- CVE-2002-1417Apr 11, 2003risk 0.01cvss —epss 0.17
Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the…
- CVE-2002-1437Apr 11, 2003risk 0.01cvss —epss 0.17
Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.
- CVE-2010-0625Apr 5, 2010risk 0.00cvss —epss 0.05
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE…
- CVE-2007-6735Apr 5, 2010risk 0.00cvss —epss 0.02
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.
Page 1 of 4