Vendor CVEs
Novell
All CVEs
755 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-2327 | | | 0.00 | — | 0.05 | | May 12, 2006 | Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of… |
| CVE-2006-0998 | | | 0.00 | — | 0.03 | | Mar 23, 2006 | The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. |
| CVE-2006-0997 | | | 0.00 | — | 0.02 | | Mar 23, 2006 | The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. |
| CVE-2006-0999 | | | 0.00 | — | 0.02 | | Mar 23, 2006 | The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt… |
| CVE-2006-1322 | | | 0.00 | — | 0.03 | | Mar 20, 2006 | Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. |
| CVE-2006-1218 | | | 0.00 | — | 0.02 | | Mar 14, 2006 | Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". |
| CVE-2006-0803 | | | 0.00 | — | 0.02 | | Feb 23, 2006 | The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is… |
| CVE-2005-4790 | | | 0.00 | — | 0.00 | | Dec 31, 2005 | Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in… |
| CVE-2005-3655 | | | 0.00 | — | 0.06 | | Dec 31, 2005 | Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. |
| CVE-2005-1976 | | | 0.00 | — | 0.00 | | Dec 31, 2005 | Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files. |
| CVE-2005-1730 | | | 0.00 | — | 0.05 | | Dec 31, 2005 | Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap… |
| CVE-2005-4791 | | | 0.00 | — | 0.00 | | Dec 31, 2005 | Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. |
| CVE-2005-3786 | | | 0.00 | — | 0.00 | | Nov 23, 2005 | Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. |
| CVE-2005-3321 | | | 0.00 | — | 0.00 | | Oct 27, 2005 | chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use… |
| CVE-2005-2469 | | | 0.00 | — | 0.01 | | Oct 20, 2005 | Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command. |
| CVE-2005-3013 | | | 0.00 | — | 0.01 | | Sep 21, 2005 | Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry. |
| CVE-2005-2620 | | | 0.00 | — | 0.02 | | Aug 17, 2005 | grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. |
| CVE-2005-1761 | | | 0.00 | — | 0.00 | | Aug 5, 2005 | Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. |
| CVE-2005-1767 | | | 0.00 | — | 0.00 | | Aug 5, 2005 | traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception). |
| CVE-2005-2346 | | | 0.00 | — | 0.03 | | Aug 3, 2005 | Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section. |
| CVE-2005-1729 | | | 0.00 | — | 0.02 | | Jun 12, 2005 | Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. |
| CVE-2005-1763 | | | 0.00 | — | 0.00 | | Jun 9, 2005 | Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory. |
| CVE-2005-1757 | | | 0.00 | — | 0.03 | | Jun 8, 2005 | Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. |
| CVE-2005-1756 | | | 0.00 | — | 0.02 | | Jun 8, 2005 | Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. |
| CVE-2005-1040 | | | 0.00 | — | 0.00 | | May 2, 2005 | Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification." |
| CVE-2005-1060 | | | 0.00 | — | 0.02 | | May 2, 2005 | Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. |
| CVE-2005-0746 | | | 0.00 | — | 0.02 | | May 2, 2005 | The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. |
| CVE-2005-1065 | | | 0.00 | — | 0.00 | | May 2, 2005 | tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory. |
| CVE-2005-0819 | | | 0.00 | — | 0.03 | | May 2, 2005 | The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. |
| CVE-2005-0744 | | | 0.00 | — | 0.02 | | May 2, 2005 | The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication… |
| CVE-2005-0797 | | | 0.00 | — | 0.01 | | Mar 15, 2005 | Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. |
| CVE-2005-0798 | | | 0.00 | — | 0.02 | | Mar 15, 2005 | Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks. |
| CVE-2005-0296 | | | 0.00 | — | 0.03 | | Jan 17, 2005 | NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify… |
| CVE-2004-2414 | | | 0.00 | — | 0.00 | | Dec 31, 2004 | Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. |
| CVE-2004-2582 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information. |
| CVE-2004-2579 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." |
| CVE-2004-2336 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. |
| CVE-2004-2554 | | | 0.00 | — | 0.00 | | Dec 31, 2004 | Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges. |
| CVE-2004-2106 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. |
| CVE-2004-2103 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the… |
| CVE-2004-2314 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. |
| CVE-2004-2734 | | | 0.00 | — | 0.04 | | Dec 31, 2004 | webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. |
| CVE-2004-2105 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. |
| CVE-2004-2581 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string." |
| CVE-2004-2298 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP… |
| CVE-2004-2658 | | | 0.00 | — | 0.00 | | Dec 31, 2004 | resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types. |
| CVE-2004-2580 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. |
| CVE-2004-2757 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. |
| CVE-2004-1457 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite. |
| CVE-2004-1834 | | | 0.00 | — | 0.04 | | Mar 20, 2004 | mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. |