Novell

All CVEs

755 total · sorted by risk
  • CVE-2007-5702 · Oct 29, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of…

  • CVE-2007-5195 · Oct 14, 2007
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196.

  • CVE-2007-5196 · Oct 14, 2007
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.

  • CVE-2007-4557 · Aug 28, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an…

  • CVE-2007-4526 · Aug 25, 2007
    risk 0.00 cvss epss 0.00

    The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.

  • CVE-2007-4432 · Aug 20, 2007
    risk 0.00 cvss epss 0.00

    Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX…

  • CVE-2007-4394 · Aug 17, 2007
    risk 0.00 cvss epss 0.00

    Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete arbitrary files via unknown vectors.

  • CVE-2007-3570 · Jul 5, 2007
    risk 0.00 cvss epss 0.02

    The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in an HTTP POST request.

  • CVE-2007-3571 · Jul 5, 2007
    risk 0.00 cvss epss 0.01

    The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.

  • CVE-2007-2923 · Jun 18, 2007
    risk 0.00 cvss epss 0.06

    The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands.

  • CVE-2007-3207 · Jun 18, 2007
    risk 0.00 cvss epss 0.02

    Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request.

  • CVE-2007-3200 · Jun 12, 2007
    risk 0.00 cvss epss 0.00

    NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.

  • CVE-2007-1862 · Jun 4, 2007
    risk 0.00 cvss epss 0.05

    The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

  • CVE-2007-2513 · Jun 4, 2007
    risk 0.00 cvss epss 0.01

    Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.

  • CVE-2007-2616 · May 11, 2007
    risk 0.00 cvss epss 0.06

    Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request.

  • CVE-2007-2475 · May 2, 2007
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."

  • CVE-2007-2476 · May 2, 2007
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes.

  • CVE-2006-4520 · Apr 30, 2007
    risk 0.00 cvss epss 0.03

    ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.

  • CVE-2006-7155 · Mar 7, 2007
    risk 0.00 cvss epss 0.02

    Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286.

  • CVE-2007-1309 · Mar 7, 2007
    risk 0.00 cvss epss 0.02

    Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.

  • CVE-2007-1119 · Feb 27, 2007
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified…

  • CVE-2007-0108 · Jan 9, 2007
    risk 0.00 cvss epss 0.01

    nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.

  • CVE-2006-6762 · Dec 27, 2006
    risk 0.00 cvss epss 0.02

    The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.

  • CVE-2006-6675 · Dec 21, 2006
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.

  • CVE-2006-6662 · Dec 20, 2006
    risk 0.00 cvss epss 0.00

    Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.

  • CVE-2006-6443 · Dec 10, 2006
    risk 0.00 cvss epss 0.02

    Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors.

  • CVE-2006-6307 · Dec 5, 2006
    risk 0.00 cvss epss 0.02

    srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary.

  • CVE-2006-6306 · Dec 5, 2006
    risk 0.00 cvss epss 0.00

    Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

  • CVE-2006-5813 · Nov 8, 2006
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable…

  • CVE-2006-5814 · Nov 8, 2006
    risk 0.00 cvss epss 0.03

    Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable…

  • CVE-2006-4521 · Nov 4, 2006
    risk 0.00 cvss epss 0.02

    The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service…

  • CVE-2006-4517 · Nov 1, 2006
    risk 0.00 cvss epss 0.03

    Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.

  • CVE-2006-4177 · Oct 24, 2006
    risk 0.00 cvss epss 0.04

    Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.

  • CVE-2006-5479 · Oct 24, 2006
    risk 0.00 cvss epss 0.01

    The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment."

  • CVE-2006-5286 · Oct 13, 2006
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings."

  • CVE-2006-4511 · Oct 5, 2006
    risk 0.00 cvss epss 0.03

    Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allow remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in…

  • CVE-2006-4803 · Sep 14, 2006
    risk 0.00 cvss epss 0.01

    The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allow local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."

  • CVE-2006-4506 · Aug 31, 2006
    risk 0.00 cvss epss 0.01

    idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.

  • CVE-2006-4185 · Aug 17, 2006
    risk 0.00 cvss epss 0.00

    Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.

  • CVE-2006-4186 · Aug 17, 2006
    risk 0.00 cvss epss 0.01

    The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.

  • CVE-2006-3818 · Aug 11, 2006
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.

  • CVE-2006-3817 · Aug 11, 2006
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the…

  • CVE-2006-3697 · Jul 21, 2006
    risk 0.00 cvss epss 0.00

    Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which…

  • CVE-2006-3430 · Jul 7, 2006
    risk 0.00 cvss epss 0.02

    SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.

  • CVE-2006-3426 · Jul 7, 2006
    risk 0.00 cvss epss 0.03

    Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2)…

  • CVE-2006-3425 · Jul 7, 2006
    risk 0.00 cvss epss 0.02

    FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point…

  • CVE-2006-3268 · Jun 29, 2006
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.

  • CVE-2006-2752 · Jun 1, 2006
    risk 0.00 cvss epss 0.01

    The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.

  • CVE-2006-2612 · May 26, 2006
    risk 0.00 cvss epss 0.00

    Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.

  • CVE-2006-2185 · May 22, 2006
    risk 0.00 cvss epss 0.02

    PORTAL.NLM in Novell NetWare 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.

Page 13 of 16