| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2013-2770 | 20 | | | 2013-04-07 | 2013-04-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
| The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate. |
| 2 | CVE-2013-1926 | | | +Info | 2013-04-29 | 2013-06-14 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
| The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. |
| 3 | CVE-2013-1093 | 20 | | | 2013-06-17 | 2013-06-17 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
| Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. |
| 4 | CVE-2012-6139 | | | DoS | 2013-04-12 | 2013-04-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. |
| 5 | CVE-2012-2215 | 22 | | Dir. Trav. | 2012-04-09 | 2012-11-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. |
| 6 | CVE-2012-0419 | 22 | | Dir. Trav. | 2012-09-28 | 2013-04-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. |
| 7 | CVE-2012-0410 | 22 | | Dir. Trav. | 2012-07-05 | 2013-04-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. |
| 8 | CVE-2011-3179 | 200 | | +Info | 2011-12-08 | 2012-03-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command. |
| 9 | CVE-2011-3014 | 264 | | +Info | 2011-08-09 | 2011-09-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. |
| 10 | CVE-2011-3013 | 310 | | | 2011-08-09 | 2011-09-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| 11 | CVE-2011-2750 | 399 | | | 2011-07-17 | 2011-09-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD. |
| 12 | CVE-2011-2223 | 310 | | +Info | 2011-08-09 | 2012-08-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. |
| 13 | CVE-2011-2221 | 264 | | Bypass +Info | 2011-08-09 | 2012-08-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. |
| 14 | CVE-2011-2219 | | | DoS | 2011-10-07 | 2012-05-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218. |
| 15 | CVE-2011-2218 | | | DoS | 2011-10-07 | 2012-05-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219. |
| 16 | CVE-2011-1711 | | | | 2011-06-08 | 2011-09-06 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None |
| Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors. |
| 17 | CVE-2011-0992 | 399 | | DoS +Info | 2011-04-13 | 2011-04-14 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
| Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. |
| 18 | CVE-2011-0990 | 362 | | DoS Overflow | 2011-04-13 | 2011-04-15 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
| Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. |
| 19 | CVE-2011-0989 | 264 | | DoS | 2011-04-13 | 2011-04-15 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
| The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. |
| 20 | CVE-2010-4715 | 22 | | Dir. Trav. | 2011-01-31 | 2011-02-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| 21 | CVE-2010-4327 | | | DoS | 2011-02-10 | 2011-09-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. |
| 22 | CVE-2010-1930 | 189 | 1 | DoS | 2010-06-28 | 2010-06-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. |
| 23 | CVE-2010-1507 | 255 | | | 2010-09-03 | 2010-09-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. |
| 24 | CVE-2010-0666 | | | DoS | 2010-02-19 | 2010-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SOAP request, a different issue than CVE-2008-0926. |
| 25 | CVE-2009-3863 | 119 | 1 | DoS Overflow | 2009-11-04 | 2009-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Buffer overflow in the gxmim1.dll ActiveX control in Novell GroupWise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method. |
| 26 | CVE-2009-3862 | 287 | | DoS | 2009-11-04 | 2009-11-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. |
| 27 | CVE-2009-2457 | 94 | | DoS | 2009-07-14 | 2009-07-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. |
| 28 | CVE-2009-2456 | | | DoS | 2009-07-14 | 2009-07-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). |
| 29 | CVE-2009-1293 | 200 | | +Info | 2009-04-16 | 2009-04-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. |
| 30 | CVE-2009-0274 | 200 | | +Info | 2009-02-03 | 2009-02-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests. |
| 31 | CVE-2009-0192 | 189 | | Exec Code Overflow | 2009-07-14 | 2009-07-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. |
| 32 | CVE-2008-2704 | 20 | | DoS | 2008-06-13 | 2009-10-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| 33 | CVE-2008-2432 | 200 | | +Info | 2008-11-25 | 2008-11-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. |
| 34 | CVE-2008-1777 | 399 | | DoS | 2008-04-14 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. |
| 35 | CVE-2008-1701 | | | DoS | 2008-04-08 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. |
| 36 | CVE-2008-0927 | 399 | 1 | DoS | 2008-04-14 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. |
| 37 | CVE-2007-6625 | 134 | | DoS | 2008-01-03 | 2009-09-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. |
| 38 | CVE-2006-6307 | | | DoS | 2006-12-05 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. |
| 39 | CVE-2006-5813 | | | DoS | 2006-11-08 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. |
| 40 | CVE-2006-5479 | | | DoS | 2006-10-24 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." |
| 41 | CVE-2006-5286 | | | DoS | 2006-10-13 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings." |
| 42 | CVE-2006-4521 | | | DoS | 2006-11-03 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. |
| 43 | CVE-2006-4511 | | | DoS | 2006-10-05 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." |
| 44 | CVE-2006-3426 | | | Dir. Trav. | 2006-07-06 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. |
| 45 | CVE-2006-3268 | | | | 2006-06-29 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. |
| 46 | CVE-2006-1322 | | | DoS Overflow | 2006-03-20 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Novell NetWare NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. |
| 47 | CVE-2006-1218 | | | DoS | 2006-03-13 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". |
| 48 | CVE-2006-0999 | | | | 2006-03-23 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session. |
| 49 | CVE-2006-0998 | | | | 2006-03-23 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. |
| 50 | CVE-2006-0997 | | | | 2006-03-23 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. |