Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Total 673 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1095 1 Novell 1 Zenworks Configuration Management 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event.
CVE-2013-4854 10 Fedoraproject, Freebsd, Hp and 7 more 12 Fedora, Freebsd, Hp-ux and 9 more 2025-04-11 7.8 HIGH N/A
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
CVE-2010-3107 1 Novell 1 Iprint 2025-04-11 7.1 HIGH N/A
A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.
CVE-2010-2779 1 Novell 1 Groupwise 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
CVE-2000-1245 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 7.5 HIGH N/A
Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors.
CVE-2013-1379 7 Adobe, Apple, Google and 4 more 9 Adobe Air, Adobe Air Sdk, Flash Player and 6 more 2025-04-11 10.0 HIGH N/A
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2011-0462 1 Novell 1 Opensuse Build Service 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4194 2 Linux, Novell 2 Linux Kernel, Open Enterprise Server 2025-04-11 7.5 HIGH N/A
Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field.
CVE-2012-0419 1 Novell 1 Groupwise 2025-04-11 5.0 MEDIUM N/A
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
CVE-2009-4654 2 Microsoft, Novell 2 Windows, Edirectory 2025-04-11 9.0 HIGH N/A
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
CVE-2010-2778 1 Novell 1 Groupwise 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
CVE-2011-2221 1 Novell 2 Data Synchronizer, Mobility Pack 2025-04-11 5.0 MEDIUM N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
CVE-2010-3106 1 Novell 1 Iprint 2025-04-11 9.3 HIGH N/A
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
CVE-2010-4299 1 Novell 1 Zenworks Handheld Management 2025-04-11 9.3 HIGH N/A
Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.
CVE-2011-1699 1 Novell 1 Iprint 2025-04-11 9.3 HIGH N/A
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.
CVE-2010-4326 1 Novell 1 Groupwise 2025-04-11 10.0 HIGH N/A
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message.
CVE-2010-2351 1 Novell 1 Netware 2025-04-11 10.0 HIGH N/A
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
CVE-2010-4228 1 Novell 1 Netware 2025-04-11 9.0 HIGH N/A
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
CVE-2011-2646 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2025-04-11 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files.
CVE-2011-0990 2 Mono, Novell 2 Mono, Moonlight 2025-04-11 5.8 MEDIUM N/A
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.