Vulnerabilities > Novell > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-13 | CVE-2011-0995 | Permissions, Privileges, and Access Controls vulnerability in multiple products The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | 2.1 |
2011-01-07 | CVE-2010-4322 | Cross-Site Scripting vulnerability in Novell Vibe Onprem 3 Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field. | 3.5 |
2010-09-08 | CVE-2010-3264 | Credentials Management vulnerability in Novell Identity Manager 3.6.1 The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2010-04-05 | CVE-2000-1246 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Netware and Netware FTP Server NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command. | 3.5 |
2009-04-14 | CVE-2008-6722 | Information Exposure vulnerability in Novell Access Manager 3 Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache. | 1.9 |
2008-03-18 | CVE-2008-1330 | Permissions, Privileges, and Access Controls vulnerability in Novell Groupwise Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | 3.5 |
2008-02-08 | CVE-2008-0663 | Unspecified vulnerability in Novell products Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field. | 2.1 |
2007-08-25 | CVE-2007-4526 | Credentials Management vulnerability in multiple products The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2007-08-17 | CVE-2007-4394 | Local Security vulnerability in Linux Desktop Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors. | 2.1 |
2006-12-05 | CVE-2006-6306 | Local Security vulnerability in Novell Client 4.91 Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window. | 1.2 |