Vendor CVEs
Novell
All CVEs
755 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2804 | 0.03 | — | 0.05 | Oct 4, 2005 | Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key. | |||
| CVE-2005-2276 | 0.03 | — | 0.02 | Jul 26, 2005 | Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag. | |||
| CVE-2005-2176 | 0.03 | — | 0.04 | Jul 9, 2005 | Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||
| CVE-1999-1081 | 0.03 | — | 0.03 | Jan 15, 2002 | Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files. | |||
| CVE-2001-0486 | 0.03 | — | 0.05 | Jul 2, 2001 | Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353. | |||
| CVE-2000-0669 | 0.03 | — | 0.03 | Jul 11, 2000 | Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. | |||
| CVE-2000-0257 | 0.03 | — | 0.03 | Apr 19, 2000 | Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. | |||
| CVE-2000-0152 | 0.03 | — | 0.05 | Mar 30, 2000 | Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000. | |||
| CVE-1999-0864 | 0.03 | — | 0.01 | Dec 3, 1999 | UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. | |||
| CVE-1999-0470 | 0.03 | — | 0.03 | Apr 9, 1999 | A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. | |||
| CVE-1999-0175 | 0.03 | — | 0.06 | Jul 1, 1996 | The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. | |||
| CVE-2015-0779 | 0.02 | — | 0.75 | Jun 7, 2015 | Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename… | |||
| CVE-2010-4229 | 0.02 | — | 0.25 | Apr 18, 2011 | Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code,… | |||
| CVE-2008-0639 | 0.02 | — | 0.23 | Feb 13, 2008 | Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than… | |||
| CVE-2007-2954 | 0.02 | — | 0.24 | Aug 31, 2007 | Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other… | |||
| CVE-2007-2171 | 0.02 | — | 0.24 | Apr 24, 2007 | Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request. | |||
| CVE-2007-1350 | 0.02 | — | 0.19 | Mar 8, 2007 | Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. | |||
| CVE-2023-5762 | 0.01 | — | 0.02 | Dec 4, 2023 | The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. | |||
| CVE-2022-28704 | 0.01 | — | 0.02 | Jun 13, 2022 | Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN… | |||
| CVE-2009-5153 | 0.01 | — | 0.06 | Nov 21, 2018 | In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | |||
| CVE-2015-2716 | 0.01 | — | 0.07 | May 14, 2015 | Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. | |||
| CVE-2015-0459 | 0.01 | — | 0.06 | Apr 16, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. | |||
| CVE-2015-3044 | 0.01 | — | 0.09 | Apr 14, 2015 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||
| CVE-2015-0408 | 0.01 | — | 0.07 | Jan 21, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | |||
| CVE-2014-6601 | 0.01 | — | 0.07 | Jan 21, 2015 | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||
| CVE-2013-3706 | 0.01 | — | 0.08 | Mar 6, 2014 | Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595. | |||
| CVE-2013-1082 | 0.01 | — | 0.13 | Mar 29, 2013 | Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. | |||
| CVE-2011-2220 | 0.01 | — | 0.16 | Jul 14, 2011 | Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element. | |||
| CVE-2011-0994 | 0.01 | — | 0.18 | Apr 10, 2011 | Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data. | |||
| CVE-2011-0742 | 0.01 | — | 0.09 | Feb 2, 2011 | Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400. | |||
| CVE-2010-4712 | 0.01 | — | 0.07 | Jan 31, 2011 | Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted… | |||
| CVE-2010-4326 | 0.01 | — | 0.10 | Jan 28, 2011 | Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE… | |||
| CVE-2010-4325 | 0.01 | — | 0.10 | Jan 28, 2011 | Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message. | |||
| CVE-2010-4299 | 0.01 | — | 0.08 | Nov 22, 2010 | Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400. | |||
| CVE-2010-0284 | 0.01 | — | 0.06 | Jun 18, 2010 | Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create… | |||
| CVE-2009-0895 | 0.01 | — | 0.07 | Dec 3, 2009 | Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. | |||
| CVE-2009-1636 | 0.01 | — | 0.08 | May 26, 2009 | Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. | |||
| CVE-2008-4480 | 0.01 | — | 0.11 | Oct 14, 2008 | Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap… | |||
| CVE-2008-4479 | 0.01 | — | 0.10 | Oct 14, 2008 | Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. | |||
| CVE-2008-4478 | 0.01 | — | 0.10 | Oct 14, 2008 | Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which… | |||
| CVE-2008-3159 | 0.01 | — | 0.09 | Jul 14, 2008 | Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." | |||
| CVE-2007-6701 | 0.01 | — | 0.07 | Feb 13, 2008 | Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than… | |||
| CVE-2007-6435 | 0.01 | — | 0.07 | Dec 18, 2007 | Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail. | |||
| CVE-2007-5767 | 0.01 | — | 0.07 | Nov 2, 2007 | Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character… | |||
| CVE-2006-6450 | 0.01 | — | 0.18 | Dec 10, 2006 | Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. | |||
| CVE-2006-6299 | 0.01 | — | 0.10 | Dec 5, 2006 | Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. | |||
| CVE-2006-4509 | 0.01 | — | 0.07 | Oct 24, 2006 | Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. | |||
| CVE-2006-4510 | 0.01 | — | 0.06 | Oct 24, 2006 | The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid… | |||
| CVE-2006-2496 | 0.01 | — | 0.09 | May 20, 2006 | Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | |||
| CVE-2006-2304 | 0.01 | — | 0.08 | May 11, 2006 | Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the… |
- CVE-2005-2804Oct 4, 2005risk 0.03cvss —epss 0.05
Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.
- CVE-2005-2276Jul 26, 2005risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag.
- CVE-2005-2176Jul 9, 2005risk 0.03cvss —epss 0.04
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
- CVE-1999-1081Jan 15, 2002risk 0.03cvss —epss 0.03
Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.
- CVE-2001-0486Jul 2, 2001risk 0.03cvss —epss 0.05
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.
- CVE-2000-0669Jul 11, 2000risk 0.03cvss —epss 0.03
Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.
- CVE-2000-0257Apr 19, 2000risk 0.03cvss —epss 0.03
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
- CVE-2000-0152Mar 30, 2000risk 0.03cvss —epss 0.05
Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.
- CVE-1999-0864Dec 3, 1999risk 0.03cvss —epss 0.01
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.
- CVE-1999-0470Apr 9, 1999risk 0.03cvss —epss 0.03
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
- CVE-1999-0175Jul 1, 1996risk 0.03cvss —epss 0.06
The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.
- CVE-2015-0779Jun 7, 2015risk 0.02cvss —epss 0.75
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename…
- CVE-2010-4229Apr 18, 2011risk 0.02cvss —epss 0.25
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code,…
- CVE-2008-0639Feb 13, 2008risk 0.02cvss —epss 0.23
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than…
- CVE-2007-2954Aug 31, 2007risk 0.02cvss —epss 0.24
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other…
- CVE-2007-2171Apr 24, 2007risk 0.02cvss —epss 0.24
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
- CVE-2007-1350Mar 8, 2007risk 0.02cvss —epss 0.19
Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
- CVE-2023-5762Dec 4, 2023risk 0.01cvss —epss 0.02
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.
- CVE-2022-28704Jun 13, 2022risk 0.01cvss —epss 0.02
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN…
- CVE-2009-5153Nov 21, 2018risk 0.01cvss —epss 0.06
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.
- CVE-2015-2716May 14, 2015risk 0.01cvss —epss 0.07
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
- CVE-2015-0459Apr 16, 2015risk 0.01cvss —epss 0.06
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.
- CVE-2015-3044Apr 14, 2015risk 0.01cvss —epss 0.09
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
- CVE-2015-0408Jan 21, 2015risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
- CVE-2014-6601Jan 21, 2015risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
- CVE-2013-3706Mar 6, 2014risk 0.01cvss —epss 0.08
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595.
- CVE-2013-1082Mar 29, 2013risk 0.01cvss —epss 0.13
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
- CVE-2011-2220Jul 14, 2011risk 0.01cvss —epss 0.16
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.
- CVE-2011-0994Apr 10, 2011risk 0.01cvss —epss 0.18
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
- CVE-2011-0742Feb 2, 2011risk 0.01cvss —epss 0.09
Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.
- CVE-2010-4712Jan 31, 2011risk 0.01cvss —epss 0.07
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted…
- CVE-2010-4326Jan 28, 2011risk 0.01cvss —epss 0.10
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE…
- CVE-2010-4325Jan 28, 2011risk 0.01cvss —epss 0.10
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.
- CVE-2010-4299Nov 22, 2010risk 0.01cvss —epss 0.08
Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.
- CVE-2010-0284Jun 18, 2010risk 0.01cvss —epss 0.06
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create…
- CVE-2009-0895Dec 3, 2009risk 0.01cvss —epss 0.07
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.
- CVE-2009-1636May 26, 2009risk 0.01cvss —epss 0.08
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.
- CVE-2008-4480Oct 14, 2008risk 0.01cvss —epss 0.11
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap…
- CVE-2008-4479Oct 14, 2008risk 0.01cvss —epss 0.10
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.
- CVE-2008-4478Oct 14, 2008risk 0.01cvss —epss 0.10
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which…
- CVE-2008-3159Jul 14, 2008risk 0.01cvss —epss 0.09
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."
- CVE-2007-6701Feb 13, 2008risk 0.01cvss —epss 0.07
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than…
- CVE-2007-6435Dec 18, 2007risk 0.01cvss —epss 0.07
Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.
- CVE-2007-5767Nov 2, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character…
- CVE-2006-6450Dec 10, 2006risk 0.01cvss —epss 0.18
Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters.
- CVE-2006-6299Dec 5, 2006risk 0.01cvss —epss 0.10
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow.
- CVE-2006-4509Oct 24, 2006risk 0.01cvss —epss 0.07
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
- CVE-2006-4510Oct 24, 2006risk 0.01cvss —epss 0.06
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid…
- CVE-2006-2496May 20, 2006risk 0.01cvss —epss 0.09
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
- CVE-2006-2304May 11, 2006risk 0.01cvss —epss 0.08
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the…
Page 6 of 16