Vendor CVEs

Novell

755 total · sorted by risk
  • CVE-2011-1703 · Jun 9, 2011
    risk 0.00 · cvss · epss 0.06

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.

  • CVE-2011-1702 · Jun 9, 2011
    risk 0.00 · cvss · epss 0.06

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.

  • CVE-2011-1701 · Jun 9, 2011
    risk 0.00 · cvss · epss 0.06

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.

  • CVE-2011-1700 · Jun 9, 2011
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url.

  • CVE-2011-1699 · Jun 9, 2011
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.

  • CVE-2011-1711 · Jun 9, 2011
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors.

  • CVE-2011-0995 · May 13, 2011
    risk 0.00 · cvss · epss 0.00

    The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

  • CVE-2011-0988 · Apr 18, 2011
    risk 0.00 · cvss · epss 0.00

    pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified…

  • CVE-2011-0992 · Apr 13, 2011
    risk 0.00 · cvss · epss 0.03

    Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.

  • CVE-2011-0991 · Apr 13, 2011
    risk 0.00 · cvss · epss 0.03

    Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.

  • CVE-2011-0990 · Apr 13, 2011
    risk 0.00 · cvss · epss 0.02

    Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service…

  • CVE-2011-0989 · Apr 13, 2011
    risk 0.00 · cvss · epss 0.03

    The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service…

  • CVE-2011-0466 · Apr 10, 2011
    risk 0.00 · cvss · epss 0.01

    The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.

  • CVE-2011-0462 · Apr 10, 2011
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1551 · Mar 30, 2011
    risk 0.00 · cvss · epss 0.00

    SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.

  • CVE-2011-0464 · Mar 9, 2011
    risk 0.00 · cvss · epss 0.06

    Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2010-4327 · Feb 10, 2011
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524.

  • CVE-2010-4716 · Jan 31, 2011
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-4714 · Jan 31, 2011
    risk 0.00 · cvss · epss 0.06

    Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4)…

  • CVE-2010-4713 · Jan 31, 2011
    risk 0.00 · cvss · epss 0.06

    Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header.

  • CVE-2010-2779 · Jan 28, 2011
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."

  • CVE-2010-2778 · Jan 28, 2011
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."

  • CVE-2010-3912 · Jan 13, 2011
    risk 0.00 · cvss · epss 0.02

    The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.

  • CVE-2010-4322 · Jan 7, 2011
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.

  • CVE-2010-4324 · Jan 7, 2011
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-4254 · Dec 6, 2010
    risk 0.00 · cvss · epss 0.14

    Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.

  • CVE-2010-3110 · Oct 12, 2010
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.

  • CVE-2010-3264 · Sep 8, 2010
    risk 0.00 · cvss · epss 0.00

    The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.

  • CVE-2010-1507 · Sep 3, 2010
    risk 0.00 · cvss · epss 0.02

    WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.

  • CVE-2010-1325 · Sep 3, 2010
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter…

  • CVE-2010-3109 · Aug 23, 2010
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.

  • CVE-2010-3108 · Aug 23, 2010
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.

  • CVE-2010-3107 · Aug 23, 2010
    risk 0.00 · cvss · epss 0.01

    A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a…

  • CVE-2010-3105 · Aug 23, 2010
    risk 0.00 · cvss · epss 0.03

    The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details…

  • CVE-2009-4879 · May 26, 2010
    risk 0.00 · cvss · epss 0.01

    The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

  • CVE-2009-4878 · May 26, 2010
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.

  • CVE-2010-0625 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE…

  • CVE-2007-6735 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.02

    NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.

  • CVE-2007-6734 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.01

    NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.

  • CVE-2005-4888 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.02

    NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed.

  • CVE-2005-4887 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.01

    NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords.

  • CVE-2004-2767 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.01

    NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session.

  • CVE-2003-1596 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.02

    NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.

  • CVE-2003-1595 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.02

    NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.

  • CVE-2003-1594 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.02

    NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.

  • CVE-2003-1593 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.02

    NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.

  • CVE-2003-1592 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.02

    Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password.

  • CVE-2003-1591 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.01

    NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload.

  • CVE-2002-2434 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.02

    NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions.

  • CVE-2002-2433 · Apr 5, 2010
    risk 0.00 · cvss · epss 0.01

    NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.
