Vulnerabilities > Novell
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-12-31 | CVE-2011-1710 | Numeric Errors vulnerability in Novell Xtier Framework 3.1.8 Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables. | 7.5 |
2011-12-29 | CVE-2011-5028 | Path Traversal vulnerability in Novell Sentinel LOG Manager Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. | 4.0 |
2011-12-08 | CVE-2011-3179 | Information Exposure vulnerability in Novell Groupwise Messenger and Messenger The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command. | 5.0 |
2011-12-08 | CVE-2011-2653 | Path Traversal vulnerability in Novell Zenworks Asset Management 7.5 Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file. | 10.0 |
2011-11-30 | CVE-2011-4191 | Buffer Errors vulnerability in Novell Netware 6.5 Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets. | 7.5 |
2011-11-30 | CVE-2011-3173 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Open Enterprise Server 2 Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code via a long (1) hostname or (2) port field. | 7.5 |
2011-10-08 | CVE-2011-2663 | Buffer Errors vulnerability in Novell Groupwise 8.0 Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message. | 10.0 |
2011-10-08 | CVE-2011-2662 | Numeric Errors vulnerability in Novell Groupwise 8.0 Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message. | 10.0 |
2011-10-08 | CVE-2011-2661 | Cross-Site Scripting vulnerability in Novell Groupwise 8.0 Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter. | 4.3 |
2011-10-08 | CVE-2011-2227 | Cross-Site Scripting vulnerability in Novell products Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603. | 4.3 |