Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Total 675 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3106 1 Novell 1 Iprint 2026-06-16 9.3 HIGH N/A
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
CVE-2010-3105 1 Novell 1 Iprint 2026-06-16 9.3 HIGH N/A
The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2779 1 Novell 1 Groupwise 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
CVE-2010-2778 1 Novell 1 Groupwise 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
CVE-2010-2777 1 Novell 1 Groupwise 2026-06-16 9.0 HIGH N/A
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command.
CVE-2010-2351 1 Novell 1 Netware 2026-06-16 10.0 HIGH N/A
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
CVE-2010-2068 4 Apache, Ibm, Microsoft and 1 more 4 Http Server, Os2, Windows and 1 more 2026-06-16 5.0 MEDIUM N/A
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
CVE-2010-1930 1 Novell 1 Imanager 2026-06-16 5.0 MEDIUM N/A
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.
CVE-2010-1929 1 Novell 1 Imanager 2026-06-16 9.0 HIGH N/A
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
CVE-2010-1527 1 Novell 1 Iprint 2026-06-16 9.3 HIGH N/A
Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.
CVE-2010-1507 1 Novell 2 Suse Linux, Webyast Appliance 2026-06-16 5.0 MEDIUM N/A
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
CVE-2010-1325 1 Novell 2 Suse Lifecycle Management Server, Suse Linux 2026-06-16 4.3 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
CVE-2010-0666 1 Novell 1 Edirectory 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926.
CVE-2010-0625 1 Novell 2 Netware, Netware Ftp Server 2026-06-16 6.5 MEDIUM N/A
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.
CVE-2010-0317 1 Novell 1 Netware 2026-06-16 7.8 HIGH N/A
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information.
CVE-2010-0284 2 Microsoft, Novell 2 Windows, Access Manager 2026-06-16 10.0 HIGH N/A
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
CVE-2009-4879 1 Novell 1 Access Manager 2026-06-16 4.3 MEDIUM N/A
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
CVE-2009-4878 1 Novell 1 Access Manager 2026-06-16 4.3 MEDIUM N/A
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.
CVE-2009-4662 1 Novell 1 Groupwise 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.
CVE-2009-4655 1 Novell 1 Edirectory 2026-06-16 7.5 HIGH N/A
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.