Vulnerabilities > Novell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-22 | CVE-2006-2185 | Local Information Disclosure vulnerability in Novell Netware 6.5 PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. | 4.0 |
| 2006-05-20 | CVE-2006-2496 | Buffer Overflow vulnerability in Novell Edirectory and Imonitor Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | 10.0 |
| 2006-05-12 | CVE-2006-2327 | Numeric Errors vulnerability in Novell Netware 6.5 Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. | 6.4 |
| 2006-05-11 | CVE-2006-2304 | Buffer Overflow vulnerability in Novell Client 4.83/4.90/4.91 Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. | 10.0 |
| 2006-04-14 | CVE-2006-0992 | Remote Buffer Overflow vulnerability in Novell Groupwise Messenger 2.0 Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. | 10.0 |
| 2006-03-23 | CVE-2006-0999 | Multiple vulnerability in Novell Netware and Open Enterprise Server The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session. | 5.0 |
| 2006-03-23 | CVE-2006-0998 | Multiple vulnerability in Novell Netware and Open Enterprise Server The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. | 5.0 |
| 2006-03-23 | CVE-2006-0997 | Multiple vulnerability in Novell Netware and Open Enterprise Server The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. | 5.0 |
| 2006-03-20 | CVE-2006-1322 | Denial Of Service vulnerability in Novell Netware FTP Server Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. | 5.0 |
| 2006-03-14 | CVE-2006-1218 | Remote Denial Of Service vulnerability in Novell Bordermanager 3.8 Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". | 5.0 |