Vulnerabilities > Novell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-11-14 | CVE-2007-5667 | Improper Input Validation vulnerability in Novell Client 4.91 NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. | 7.2 |
| 2007-11-02 | CVE-2007-5767 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Bordermanager Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character. | 10.0 |
| 2007-10-29 | CVE-2007-5702 | Cross-Site Scripting vulnerability in Novell Opensuse Swamp Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
| 2007-08-31 | CVE-2007-2954 | Buffer Errors vulnerability in Novell Client 4.91 Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854. | 10.0 |
| 2007-08-28 | CVE-2007-4557 | Cross-Site Scripting vulnerability in Novell Groupwise Webaccess 6.5 Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2. | 4.3 |
| 2007-08-25 | CVE-2007-4526 | Credentials Management vulnerability in multiple products The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. | 2.1 |
| 2007-08-20 | CVE-2007-4432 | Local Security vulnerability in Linux Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | 4.6 |
| 2007-08-17 | CVE-2007-4394 | Local Security vulnerability in Linux Desktop Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors. | 2.1 |
| 2007-07-05 | CVE-2007-3571 | Information Disclosure vulnerability in Groupwise The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. network novell | 4.3 |
| 2007-07-05 | CVE-2007-3570 | Security Bypass vulnerability in Novell Access Manager 3 The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. | 7.5 |