Filtered by vendor Novell
Subscriptions
Total
671 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3697 | 3 Agnitum, Lavasoft, Novell | 3 Outpost Firewall, Lavasoft Personal Firewall, Client Firewall | 2025-04-03 | N/A |
| Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall. | ||||
| CVE-1999-0265 | 2 Microware, Novell | 2 Os-9, Netware | 2025-04-03 | N/A |
| ICMP redirect messages may crash or lock up a host. | ||||
| CVE-2001-1232 | 1 Novell | 1 Groupwise | 2025-04-03 | N/A |
| GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". | ||||
| CVE-1999-1005 | 2 Netscape, Novell | 2 Enterprise Server, Groupwise | 2025-04-03 | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | ||||
| CVE-1999-0929 | 1 Novell | 2 Http Server, Netware | 2025-04-03 | N/A |
| Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests. | ||||
| CVE-2005-1976 | 1 Novell | 1 Netmail | 2025-04-03 | N/A |
| Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files. | ||||
| CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2025-04-03 | N/A |
| SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | ||||
| CVE-2006-3268 | 1 Novell | 1 Groupwise | 2025-04-03 | N/A |
| Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. | ||||
| CVE-2006-2612 | 1 Novell | 1 Client | 2025-04-03 | N/A |
| Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt. | ||||
| CVE-1999-0175 | 1 Novell | 1 Web Server | 2025-04-03 | N/A |
| The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. | ||||
| CVE-2005-1729 | 1 Novell | 1 Edirectory | 2025-04-03 | N/A |
| Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. | ||||
| CVE-2005-1730 | 1 Novell | 1 Imanager | 2025-04-03 | N/A |
| Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | ||||
| CVE-2006-2496 | 1 Novell | 2 Edirectory, Imonitor | 2025-04-03 | N/A |
| Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | ||||
| CVE-2001-1233 | 1 Novell | 2 Groupwise Webaccess, Netware | 2025-04-03 | N/A |
| Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm. | ||||
| CVE-1999-0805 | 1 Novell | 1 Netware | 2025-04-03 | N/A |
| Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests. | ||||
| CVE-2002-0341 | 1 Novell | 1 Groupwise | 2025-04-03 | N/A |
| GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter. | ||||
| CVE-2002-1417 | 1 Novell | 2 Netware, Small Business Suite | 2025-04-03 | N/A |
| Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator. | ||||
| CVE-2002-1552 | 1 Novell | 1 Edirectory | 2025-04-03 | N/A |
| Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. | ||||
| CVE-2002-1772 | 1 Novell | 1 Netware | 2025-04-03 | N/A |
| Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password. | ||||
| CVE-2002-2096 | 1 Novell | 1 Netware | 2025-04-03 | N/A |
| Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | ||||