Vulnerabilities > Novell > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-01-15 | CVE-2010-0317 | Resource Management Errors vulnerability in Novell Netware 6.5 Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. | 7.8 |
2010-01-08 | CVE-2009-4486 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Imanager Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema. | 7.5 |
2009-11-04 | CVE-2009-3547 | Operation on a Resource after Expiration or Release vulnerability in multiple products Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | 7.0 |
2009-05-26 | CVE-2009-1634 | Multiple Security vulnerability in Novell GroupWise WebAccess The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | 7.5 |
2009-05-14 | CVE-2009-0714 | Privilege Escalation vulnerability in HP Data Protector Express 3.5/4.0 Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets. | 7.2 |
2009-03-30 | CVE-2009-0115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. local low complexity christophe-varoqui fedoraproject debian avaya suse opensuse novell juniper CWE-732 | 7.8 |
2008-12-11 | CVE-2008-5422 | Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | 7.5 |
2008-09-11 | CVE-2008-4047 | Code Injection vulnerability in Novell Forum Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. | 7.5 |
2008-08-06 | CVE-2008-3488 | Permissions, Privileges, and Access Controls vulnerability in Novell Imanager Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. | 7.5 |
2008-07-09 | CVE-2008-2931 | Improper Privilege Management vulnerability in multiple products The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | 7.8 |