Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Total 671 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5092 1 Novell 1 Edirectory 2025-04-09 10.0 HIGH N/A
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.
CVE-2007-4394 2 Novell, Suse 2 Suse Linux, Suse Linux 2025-04-09 2.1 LOW N/A
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
CVE-2006-5854 1 Novell 1 Netware Client 2025-04-09 7.5 HIGH N/A
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.
CVE-2007-5667 2 Microsoft, Novell 5 Windows 2000, Windows 2003 Server, Windows Server 2003 and 2 more 2025-04-09 7.2 HIGH N/A
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
CVE-2006-5479 1 Novell 1 Edirectory 2025-04-09 5.0 MEDIUM N/A
The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment."
CVE-2009-0714 5 Hp, Microsoft, Novell and 2 more 5 Data Protector Express, Windows, Netware and 2 more 2025-04-09 7.2 HIGH N/A
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.
CVE-2007-2513 1 Novell 1 Groupwise 2025-04-09 4.3 MEDIUM N/A
Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.
CVE-2008-0935 1 Novell 2 Iprint, Iprint Client 2025-04-09 10.0 HIGH N/A
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.
CVE-2008-5095 1 Novell 2 Identity Manager Roles Based Provisioning Module, User Application 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-4520 1 Novell 1 Edirectory 2025-04-09 7.8 HIGH N/A
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.
CVE-2008-2931 5 Canonical, Debian, Linux and 2 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-09 7.2 HIGH 7.8 HIGH
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
CVE-2009-0274 1 Novell 1 Groupwise 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.
CVE-2008-2703 1 Novell 1 Groupwise Messenger 2025-04-09 10.0 HIGH N/A
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
CVE-2008-4479 1 Novell 1 Edirectory 2025-04-09 10.0 HIGH N/A
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.
CVE-2002-1088 1 Novell 1 Groupwise 2025-04-03 7.5 HIGH N/A
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
CVE-1999-0265 2 Microware, Novell 2 Os-9, Netware 2025-04-03 5.0 MEDIUM N/A
ICMP redirect messages may crash or lock up a host.
CVE-2004-2314 1 Novell 1 Ichain 2025-04-03 7.5 HIGH N/A
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.
CVE-2004-1457 1 Novell 1 Bordermanager 2025-04-03 5.0 MEDIUM N/A
The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite.
CVE-1999-1005 2 Netscape, Novell 2 Enterprise Server, Groupwise 2025-04-03 5.0 MEDIUM N/A
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
CVE-2002-1417 1 Novell 2 Netware, Small Business Suite 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.