Vulnerabilities > Novell
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-01-31 | CVE-2010-4712 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data. | 10.0 |
2011-01-31 | CVE-2010-4711 | Resource Management Errors vulnerability in Novell Groupwise Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command. | 10.0 |
2011-01-28 | CVE-2010-2779 | Cross-Site Scripting vulnerability in Novell Groupwise 8.0 Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies." | 4.3 |
2011-01-28 | CVE-2010-2778 | Cross-Site Scripting vulnerability in Novell Groupwise 7.0/8.0 Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit." | 4.3 |
2011-01-28 | CVE-2010-2777 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise 7.0/8.0 Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command. | 9.0 |
2011-01-28 | CVE-2010-4326 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message. | 10.0 |
2011-01-28 | CVE-2010-4325 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message. | 10.0 |
2011-01-13 | CVE-2010-3912 | Credentials Management vulnerability in Novell Suse Linux 10/11 The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | 10.0 |
2011-01-07 | CVE-2010-4322 | Cross-Site Scripting vulnerability in Novell Vibe Onprem 3 Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field. | 3.5 |
2011-01-07 | CVE-2010-4324 | Cross-Site Scripting vulnerability in Novell products Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |