VYPR
Vendor

Novell

Novell, Inc. was an American software and services company headquartered in Provo, Utah, that existed from 1980 until 2014. Its most significant product was the multi-platform network operating system known as NetWare. Novell technology contributed to the emergence of local area networks, which displaced the dominant mainframe computing model and changed computing worldwide.

Founded 1979
Products
169
CVEs
755
Across products
938
Status
Private

Products

169
View all 169 products →

Recent CVEs

755
View all 755 CVEs →
  • CVE-2014-7169CriKEVSep 25, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271CriKEVSep 24, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2015-3043CriKEVApr 14, 2015
    risk 0.85cvss 9.8epss 0.80

    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in…

  • CVE-2016-7552CriApr 12, 2017
    risk 0.74cvss 9.8epss 0.93

    On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.

  • CVE-2017-14706CriSep 22, 2017
    risk 0.69cvss 9.8epss 0.28

    DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12,…

  • CVE-2015-0786CriAug 9, 2017
    risk 0.66cvss 9.8epss 0.24

    Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2024-56404CriJan 24, 2025
    risk 0.64cvss 9.9epss 0.01

    In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.

  • CVE-2015-0782CriAug 9, 2017
    risk 0.64cvss 9.8epss 0.07

    SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-0781CriAug 9, 2017
    risk 0.64cvss 9.8epss 0.04

    Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.

  • CVE-2015-0780CriAug 9, 2017
    risk 0.64cvss 9.8epss 0.08

    SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-9961CriJun 6, 2017
    risk 0.64cvss 9.8epss 0.04

    game-music-emu before 0.6.1 mishandles unspecified integer values.

  • CVE-2017-7432CriMay 3, 2017
    risk 0.64cvss 9.8epss 0.02

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.

  • CVE-2016-5762CriApr 20, 2017
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.

  • CVE-2016-4303CriSep 26, 2016
    risk 0.64cvss 9.8epss 0.07

    The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

  • CVE-2016-1629CriFeb 21, 2016
    risk 0.64cvss 9.8epss 0.03

    Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

  • CVE-2008-5038CriNov 12, 2008
    risk 0.64cvss 9.8epss 0.06

    Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension…

  • CVE-2002-2119CriDec 31, 2002
    risk 0.64cvss 9.8epss 0.03

    Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.

  • CVE-2016-1608HigAug 1, 2016
    risk 0.61cvss 8.8epss 0.11

    vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.

  • CVE-2018-12468CriAug 1, 2018
    risk 0.59cvss 9.1epss 0.02

    A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.

  • CVE-2016-5763CriNov 15, 2016
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989) might allow…