Filtered by vendor Novell
Subscriptions
Total
671 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-3912 | 1 Novell | 1 Suse Linux | 2024-08-07 | N/A |
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | ||||
CVE-2010-3109 | 1 Novell | 1 Iprint | 2024-08-07 | N/A |
Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter. | ||||
CVE-2010-3107 | 1 Novell | 1 Iprint | 2024-08-07 | N/A |
A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module. | ||||
CVE-2010-3108 | 1 Novell | 1 Iprint | 2024-08-07 | N/A |
Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names. | ||||
CVE-2010-3105 | 1 Novell | 1 Iprint | 2024-08-07 | N/A |
The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2010-3106 | 1 Novell | 1 Iprint | 2024-08-07 | N/A |
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method. | ||||
CVE-2010-2351 | 1 Novell | 1 Netware | 2024-08-07 | N/A |
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName. | ||||
CVE-2010-2068 | 5 Apache, Ibm, Microsoft and 2 more | 5 Http Server, Os2, Windows and 2 more | 2024-08-07 | N/A |
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. | ||||
CVE-2010-1929 | 1 Novell | 1 Imanager | 2024-08-07 | N/A |
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc. | ||||
CVE-2010-1930 | 1 Novell | 1 Imanager | 2024-08-07 | N/A |
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. | ||||
CVE-2010-1527 | 1 Novell | 1 Iprint | 2024-08-07 | N/A |
Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action. | ||||
CVE-2010-1325 | 1 Novell | 2 Suse Lifecycle Management Server, Suse Linux | 2024-08-07 | N/A |
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect. | ||||
CVE-2010-0625 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-08-07 | N/A |
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command. | ||||
CVE-2010-0317 | 1 Novell | 1 Netware | 2024-08-07 | N/A |
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information. | ||||
CVE-2010-0284 | 2 Microsoft, Novell | 2 Windows, Access Manager | 2024-08-07 | N/A |
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678. | ||||
CVE-2011-5028 | 1 Novell | 1 Sentinel Log Manager | 2024-08-07 | N/A |
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
CVE-2011-4913 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2024-08-07 | N/A |
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket. | ||||
CVE-2011-4914 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2024-08-07 | N/A |
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. | ||||
CVE-2011-4189 | 1 Novell | 1 Groupwise | 2024-08-07 | N/A |
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. | ||||
CVE-2011-4188 | 1 Novell | 1 Imanager | 2024-08-07 | N/A |
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. |