Filtered by vendor Novell
Subscribe
Total
670 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4326 | 1 Novell | 1 Groupwise | 2017-08-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message. | |||||
| CVE-2010-3912 | 1 Novell | 1 Suse Linux | 2017-08-16 | 10.0 HIGH | N/A |
| The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | |||||
| CVE-2010-4228 | 1 Novell | 1 Netware | 2017-08-16 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4. | |||||
| CVE-2011-0991 | 2 Mono, Novell | 2 Mono, Moonlight | 2017-08-16 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. | |||||
| CVE-2011-0992 | 2 Mono, Novell | 2 Mono, Moonlight | 2017-08-16 | 5.8 MEDIUM | N/A |
| Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. | |||||
| CVE-2011-0993 | 1 Novell | 1 Suse Lifecycle Management Server | 2017-08-16 | 2.1 LOW | N/A |
| SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-0464 | 1 Novell | 1 Vibe Onprem | 2017-08-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-0995 | 2 Novell, Rubyforge | 2 Suse Linux Enterprise, Rubygem-sqlite3 | 2017-08-16 | 2.1 LOW | N/A |
| The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | |||||
| CVE-2011-0988 | 2 Novell, Pureftpd | 2 Suse Linux, Pure-ftpd | 2017-08-16 | 4.4 MEDIUM | N/A |
| pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. | |||||
| CVE-2010-1325 | 1 Novell | 2 Suse Lifecycle Management Server, Suse Linux | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect. | |||||
| CVE-2009-4878 | 1 Novell | 1 Access Manager | 2017-08-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors. | |||||
| CVE-2009-4662 | 1 Novell | 1 Groupwise | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter. | |||||
| CVE-2010-0284 | 2 Microsoft, Novell | 2 Windows, Access Manager | 2017-08-16 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678. | |||||
| CVE-2009-4486 | 1 Novell | 1 Imanager | 2017-08-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema. | |||||
| CVE-2009-4655 | 1 Novell | 1 Edirectory | 2017-08-16 | 7.5 HIGH | N/A |
| The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | |||||
| CVE-2009-2457 | 1 Novell | 1 Edirectory | 2017-08-16 | 5.0 MEDIUM | N/A |
| The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. | |||||
| CVE-2009-1634 | 1 Novell | 1 Groupwise | 2017-08-16 | 7.5 HIGH | N/A |
| The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | |||||
| CVE-2009-0895 | 1 Novell | 1 Edirectory | 2017-08-16 | 10.0 HIGH | N/A |
| Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. | |||||
| CVE-2009-2456 | 1 Novell | 1 Edirectory | 2017-08-16 | 5.0 MEDIUM | N/A |
| The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). | |||||
| CVE-2016-3951 | 4 Canonical, Linux, Novell and 1 more | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 7 more | 2017-08-12 | 4.9 MEDIUM | 4.6 MEDIUM |
| Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. | |||||