Novell

All CVEs

755 total · sorted by risk
  • CVE-2006-2327 · May 12, 2006
    risk 0.00 · cvss · epss 0.05

    Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of…

  • CVE-2006-0998 · Mar 23, 2006
    risk 0.00 · cvss · epss 0.03

    The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session.

  • CVE-2006-0997 · Mar 23, 2006
    risk 0.00 · cvss · epss 0.02

    The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.

  • CVE-2006-0999 · Mar 23, 2006
    risk 0.00 · cvss · epss 0.02

    The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt…

  • CVE-2006-1322 · Mar 20, 2006
    risk 0.00 · cvss · epss 0.03

    Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.

  • CVE-2006-1218 · Mar 14, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1".

  • CVE-2006-0803 · Feb 23, 2006
    risk 0.00 · cvss · epss 0.02

    The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is…

  • CVE-2005-4790 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.00

    Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in…

  • CVE-2005-3655 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.06

    Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.

  • CVE-2005-1976 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.00

    Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.

  • CVE-2005-1730 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.05

    Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allow remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap…

  • CVE-2005-4791 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.00

    Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.

  • CVE-2005-3786 · Nov 23, 2005
    risk 0.00 · cvss · epss 0.00

    Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.

  • CVE-2005-3321 · Oct 27, 2005
    risk 0.00 · cvss · epss 0.00

    chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use…

  • CVE-2005-2469 · Oct 20, 2005
    risk 0.00 · cvss · epss 0.01

    Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command.

  • CVE-2005-3013 · Sep 21, 2005
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.

  • CVE-2005-2620 · Aug 17, 2005
    risk 0.00 · cvss · epss 0.02

    grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.

  • CVE-2005-1761 · Aug 5, 2005
    risk 0.00 · cvss · epss 0.00

    Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.

  • CVE-2005-1767 · Aug 5, 2005
    risk 0.00 · cvss · epss 0.00

    traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).

  • CVE-2005-2346 · Aug 3, 2005
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section.

  • CVE-2005-1729 · Jun 12, 2005
    risk 0.00 · cvss · epss 0.02

    Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1.

  • CVE-2005-1763 · Jun 9, 2005
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.

  • CVE-2005-1757 · Jun 8, 2005
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code.

  • CVE-2005-1756 · Jun 8, 2005
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields.

  • CVE-2005-1040 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."

  • CVE-2005-1060 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets.

  • CVE-2005-0746 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command.

  • CVE-2005-1065 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory.

  • CVE-2005-0819 · May 2, 2005
    risk 0.00 · cvss · epss 0.03

    The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.

  • CVE-2005-0744 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication…

  • CVE-2005-0797 · Mar 15, 2005
    risk 0.00 · cvss · epss 0.01

    Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

  • CVE-2005-0798 · Mar 15, 2005
    risk 0.00 · cvss · epss 0.02

    Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.

  • CVE-2005-0296 · Jan 17, 2005
    risk 0.00 · cvss · epss 0.03

    NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify…

  • CVE-2004-2414 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.

  • CVE-2004-2582 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information.

  • CVE-2004-2579 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."

  • CVE-2004-2336 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.

  • CVE-2004-2554 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges.

  • CVE-2004-2106 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.

  • CVE-2004-2103 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the…

  • CVE-2004-2314 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.

  • CVE-2004-2734 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.

  • CVE-2004-2105 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter.

  • CVE-2004-2581 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string."

  • CVE-2004-2298 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP…

  • CVE-2004-2658 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.

  • CVE-2004-2580 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors.

  • CVE-2004-2757 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter.

  • CVE-2004-1457 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-1834 · Mar 20, 2004
    risk 0.00 · cvss · epss 0.04

    mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.