VYPR

Vendor CVEs

Novell

All CVEs

755 total · sorted by risk
  • CVE-2005-1247Jan 15, 2004
    risk 0.00cvss epss 0.02

    webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.

  • CVE-2003-1551Dec 31, 2003
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."

  • CVE-2003-0976Dec 15, 2003
    risk 0.00cvss epss 0.01

    NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.

  • CVE-2003-1150Oct 27, 2003
    risk 0.00cvss epss 0.04

    Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.

  • CVE-2003-0638Aug 27, 2003
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script…

  • CVE-2003-0639Aug 27, 2003
    risk 0.00cvss epss 0.01

    Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.

  • CVE-2003-0635Aug 27, 2003
    risk 0.00cvss epss 0.01

    Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM.

  • CVE-2003-0636Aug 27, 2003
    risk 0.00cvss epss 0.01

    Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.

  • CVE-2003-0637Aug 27, 2003
    risk 0.00cvss epss 0.01

    Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.

  • CVE-2002-1418Apr 11, 2003
    risk 0.00cvss epss 0.03

    Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.

  • CVE-2002-1438Apr 11, 2003
    risk 0.00cvss epss 0.02

    The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.

  • CVE-2002-1413Apr 11, 2003
    risk 0.00cvss epss 0.03

    RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.

  • CVE-2002-1552Mar 31, 2003
    risk 0.00cvss epss 0.01

    Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.

  • CVE-2002-1658Dec 31, 2002
    risk 0.00cvss epss 0.01

    Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of…

  • CVE-2002-2096Dec 31, 2002
    risk 0.00cvss epss 0.04

    Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.

  • CVE-2002-1754Dec 31, 2002
    risk 0.00cvss epss 0.00

    Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.

  • CVE-2002-1772Dec 31, 2002
    risk 0.00cvss epss 0.00

    Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a…

  • CVE-2002-2083Dec 31, 2002
    risk 0.00cvss epss 0.00

    The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.

  • CVE-2002-1283Nov 29, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute.

  • CVE-2002-1088Oct 4, 2002
    risk 0.00cvss epss 0.03

    Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.

  • CVE-2002-0997Oct 4, 2002
    risk 0.00cvss epss 0.02

    Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.

  • CVE-2002-0929Oct 4, 2002
    risk 0.00cvss epss 0.02

    Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests.

  • CVE-2002-0930Oct 4, 2002
    risk 0.00cvss epss 0.02

    Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command.

  • CVE-2002-0996Oct 4, 2002
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb.

  • CVE-2002-1002Oct 4, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name.

  • CVE-2002-0781Aug 12, 2002
    risk 0.00cvss epss 0.02

    RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND.

  • CVE-2002-0530Aug 12, 2002
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.

  • CVE-2002-0780Aug 12, 2002
    risk 0.00cvss epss 0.02

    IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.

  • CVE-2002-0782Aug 12, 2002
    risk 0.00cvss epss 0.02

    Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public…

  • CVE-2002-0779Aug 12, 2002
    risk 0.00cvss epss 0.02

    FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data.

  • CVE-2002-0791Aug 12, 2002
    risk 0.00cvss epss 0.02

    Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.

  • CVE-2002-0341Jun 25, 2002
    risk 0.00cvss epss 0.01

    GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.

  • CVE-2002-0303May 31, 2002
    risk 0.00cvss epss 0.00

    GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.

  • CVE-2001-1580Dec 31, 2001
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.

  • CVE-2001-0918Nov 22, 2001
    risk 0.00cvss epss 0.02

    Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.

  • CVE-2001-1458Oct 15, 2001
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.

  • CVE-2001-1232Aug 14, 2001
    risk 0.00cvss epss 0.02

    GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".

  • CVE-2001-1231Aug 14, 2001
    risk 0.00cvss epss 0.02

    GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.

  • CVE-2001-1233Aug 14, 2001
    risk 0.00cvss epss 0.02

    Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.

  • CVE-2001-0355Jun 27, 2001
    risk 0.00cvss epss 0.01

    Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.

  • CVE-1999-0805Mar 12, 2001
    risk 0.00cvss epss 0.01

    Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.

  • CVE-2000-0793Oct 20, 2000
    risk 0.00cvss epss 0.02

    Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.

  • CVE-2000-0651Jul 7, 2000
    risk 0.00cvss epss 0.02

    The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.

  • CVE-2000-0591Jul 5, 2000
    risk 0.00cvss epss 0.01

    Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.

  • CVE-2000-0600Jun 26, 2000
    risk 0.00cvss epss 0.02

    Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.

  • CVE-1999-1382Dec 31, 1999
    risk 0.00cvss epss 0.00

    NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.

  • CVE-1999-1307Dec 31, 1999
    risk 0.00cvss epss 0.00

    Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.

  • CVE-1999-1320Dec 31, 1999
    risk 0.00cvss epss 0.00

    Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

  • CVE-1999-1293Dec 31, 1999
    risk 0.00cvss epss 0.04

    mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.

  • CVE-1999-1006Dec 19, 1999
    risk 0.00cvss epss 0.01

    Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.

Page 15 of 16