NovellCVEs & Vulnerabilities

675 CVEs affecting Novell products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

groupwise 484iprint 471edirectory 210suse linux enterprise server 132zenworks configuration management 120netware 118suse linux enterprise desktop 91suse linux enterprise software development kit 86
CVE-2007-6302MEDIUM

Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162."

10 Dec 2007
6.8
CVSS
CVE-2007-5667HIGH

NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.

14 Nov 2007
7.2
CVSS
CVE-2007-5767CRITICAL

Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character.

3 Nov 2007
10.0
CVSS
CVE-2007-5702MEDIUM

Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.

30 Oct 2007
4.3
CVSS
CVE-2007-2954CRITICAL

Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854.

1 Sep 2007
10.0
CVSS
CVE-2007-4557MEDIUM

Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.

28 Aug 2007
4.3
CVSS
CVE-2007-4526LOW

The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.

25 Aug 2007
2.1
CVSS
CVE-2007-4432MEDIUM

Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.

20 Aug 2007
4.6
CVSS
CVE-2007-4394LOW

Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.

18 Aug 2007
2.1
CVSS
CVE-2007-3570HIGH

The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.

5 Jul 2007
7.5
CVSS
CVE-2007-3571MEDIUM

The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.

5 Jul 2007
4.3
CVSS
CVE-2007-2923CRITICAL

The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands.

18 Jun 2007
9.3
CVSS
CVE-2007-3207HIGH

Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request.

18 Jun 2007
7.1
CVSS
CVE-2007-3200MEDIUM

NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.

13 Jun 2007
4.9
CVSS
CVE-2007-2513MEDIUM

Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.

4 Jun 2007
4.3
CVSS
CVE-2007-2616CRITICAL

Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request.

11 May 2007
10.0
CVSS
CVE-2007-2475MEDIUM

Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."

3 May 2007
6.5
CVSS
CVE-2007-2476CRITICAL

Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes.

3 May 2007
10.0
CVSS
CVE-2006-4520HIGH

ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.

1 May 2007
7.8
CVSS
CVE-2007-2171CRITICAL

Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.

24 Apr 2007
10.0
CVSS
CVE-2007-1350MEDIUM

Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.

9 Mar 2007
6.8
CVSS
CVE-2006-7155HIGH

Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286.

7 Mar 2007
7.5
CVSS
CVE-2007-1309CRITICAL

Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.

7 Mar 2007
9.0
CVSS
CVE-2007-1285HIGHpoc

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

6 Mar 2007
7.5
CVSS
CVE-2007-1119MEDIUM

Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors.

27 Feb 2007
6.4
CVSS
CVE-2007-0108MEDIUM

nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.

9 Jan 2007
6.0
CVSS
CVE-2007-0110MEDIUMpoc

Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

9 Jan 2007
6.8
CVSS
CVE-2006-4220MEDIUMpoc

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.

31 Dec 2006
4.3
CVSS
CVE-2006-6762MEDIUM

The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.

27 Dec 2006
4.0
CVSS
CVE-2006-6761MEDIUMpoc

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.

27 Dec 2006
6.5
CVSS
CVE-2006-6425CRITICALpoc

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.

27 Dec 2006
9.0
CVSS
CVE-2006-6424CRITICALpoc

Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.

27 Dec 2006
9.0
CVSS
CVE-2006-6675MEDIUM

Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.

21 Dec 2006
6.8
CVSS
CVE-2006-6450HIGH

Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters.

10 Dec 2006
7.5
CVSS
CVE-2006-6443CRITICAL

Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors.

10 Dec 2006
10.0
CVSS
CVE-2006-6299CRITICAL

Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow.

5 Dec 2006
10.0
CVSS
CVE-2006-6306LOW

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

5 Dec 2006
1.2
CVSS
CVE-2006-6307MEDIUM

srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary.

5 Dec 2006
5.0
CVSS
CVE-2006-5854HIGHpoc

Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.

3 Dec 2006
7.5
CVSS
CVE-2006-5813MEDIUM

Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.

9 Nov 2006
5.0
CVSS
CVE-2006-5814HIGH

Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.

9 Nov 2006
7.5
CVSS
CVE-2006-4521MEDIUM

The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.

4 Nov 2006
5.0
CVSS
CVE-2006-4517HIGH

Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.

1 Nov 2006
7.8
CVSS
CVE-2006-4177HIGH

Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.

24 Oct 2006
7.5
CVSS
CVE-2006-5479MEDIUM

The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment."

24 Oct 2006
5.0
CVSS
CVE-2006-5478HIGHpoc

Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.

24 Oct 2006
7.5
CVSS
CVE-2006-4509CRITICAL

Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.

24 Oct 2006
10.0
CVSS
CVE-2006-4510CRITICAL

The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.

24 Oct 2006
10.0
CVSS
← PrevPage 11 / 15Next →
Novell CVEs & Vulnerabilities — 675 Tracked — Page 11