Netware
by Novell
CVEs (75)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1772 | 0.00 | — | 0.00 | Dec 31, 2002 | Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a… | |||
| CVE-2002-2096 | 0.00 | — | 0.04 | Dec 31, 2002 | Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||
| CVE-2002-0930 | 0.00 | — | 0.02 | Oct 4, 2002 | Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command. | |||
| CVE-2002-0929 | 0.00 | — | 0.02 | Oct 4, 2002 | Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests. | |||
| CVE-2002-0791 | 0.00 | — | 0.02 | Aug 12, 2002 | Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length. | |||
| CVE-2001-1580 | 0.00 | — | 0.03 | Dec 31, 2001 | Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string. | |||
| CVE-2001-1233 | 0.00 | — | 0.02 | Aug 14, 2001 | Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm. | |||
| CVE-1999-0805 | 0.00 | — | 0.01 | Mar 12, 2001 | Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests. | |||
| CVE-2000-0600 | 0.00 | — | 0.02 | Jun 26, 2000 | Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. | |||
| CVE-1999-1382 | 0.00 | — | 0.00 | Dec 31, 1999 | NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program. | |||
| CVE-1999-1320 | 0.00 | — | 0.00 | Dec 31, 1999 | Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing. | |||
| CVE-1999-1086 | 0.00 | — | 0.03 | Jul 15, 1999 | Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls. | |||
| CVE-1999-0929 | 0.00 | — | 0.02 | Jun 16, 1999 | Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests. | |||
| CVE-1999-0265 | 0.00 | — | 0.01 | Jan 1, 1997 | ICMP redirect messages may crash or lock up a host. | |||
| CVE-1999-1215 | 0.00 | — | 0.00 | Sep 16, 1993 | LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. |
- CVE-2002-1772Dec 31, 2002risk 0.00cvss —epss 0.00
Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a…
- CVE-2002-2096Dec 31, 2002risk 0.00cvss —epss 0.04
Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
- CVE-2002-0930Oct 4, 2002risk 0.00cvss —epss 0.02
Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command.
- CVE-2002-0929Oct 4, 2002risk 0.00cvss —epss 0.02
Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests.
- CVE-2002-0791Aug 12, 2002risk 0.00cvss —epss 0.02
Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.
- CVE-2001-1580Dec 31, 2001risk 0.00cvss —epss 0.03
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
- CVE-2001-1233Aug 14, 2001risk 0.00cvss —epss 0.02
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
- CVE-1999-0805Mar 12, 2001risk 0.00cvss —epss 0.01
Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.
- CVE-2000-0600Jun 26, 2000risk 0.00cvss —epss 0.02
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
- CVE-1999-1382Dec 31, 1999risk 0.00cvss —epss 0.00
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
- CVE-1999-1320Dec 31, 1999risk 0.00cvss —epss 0.00
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
- CVE-1999-1086Jul 15, 1999risk 0.00cvss —epss 0.03
Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
- CVE-1999-0929Jun 16, 1999risk 0.00cvss —epss 0.02
Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.
- CVE-1999-0265Jan 1, 1997risk 0.00cvss —epss 0.01
ICMP redirect messages may crash or lock up a host.
- CVE-1999-1215Sep 16, 1993risk 0.00cvss —epss 0.00
LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.
Page 4 of 4