| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-0233 | 399 | 1 | Bypass | 2013-04-25 | 2013-05-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. |
| 2 | CVE-2011-2221 | 264 | | Bypass +Info | 2011-08-09 | 2012-08-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. |
| 3 | CVE-2011-0466 | 264 | | Bypass | 2011-04-09 | 2011-04-21 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors. |
| 4 | CVE-2010-4254 | 20 | 1 | Exec Code Bypass | 2010-12-06 | 2011-02-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. |
| 5 | CVE-2009-4879 | 287 | | Bypass | 2010-05-26 | 2010-05-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. |
| 6 | CVE-2008-0926 | 287 | | DoS Bypass | 2008-03-28 | 2011-04-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. |
| 7 | CVE-2007-6735 | 264 | | Bypass | 2010-04-05 | 2010-04-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. |
| 8 | CVE-2007-5667 | 20 | | +Priv Bypass | 2007-11-13 | 2008-11-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. |
| 9 | CVE-2007-3570 | | | Bypass | 2007-07-05 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. |
| 10 | CVE-2007-1309 | 264 | | Bypass | 2007-03-06 | 2008-11-13 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. |
| 11 | CVE-2005-3786 | | | Bypass | 2005-11-23 | 2008-09-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. |
| 12 | CVE-2004-2734 | 287 | | Bypass | 2004-12-31 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. |
| 13 | CVE-2004-2579 | | | Bypass | 2004-12-31 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." |
| 14 | CVE-2003-1596 | 264 | | Bypass | 2010-04-05 | 2010-06-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. |
| 15 | CVE-2003-1594 | 264 | | Bypass | 2010-04-05 | 2010-04-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. |
| 16 | CVE-2003-1593 | 264 | | Bypass | 2010-04-05 | 2010-04-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. |
| 17 | CVE-2002-2083 | | | Bypass | 2002-12-31 | 2008-09-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen. |
| 18 | CVE-2002-1413 | | | Bypass | 2003-04-11 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection. |
| 19 | CVE-2000-1245 | 264 | | Bypass | 2010-04-05 | 2010-04-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors. |
| 20 | CVE-2000-0591 | | | Bypass | 2000-07-05 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL. |