Vulnerabilities > Novell > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-11 | CVE-2008-3158 | Permissions, Privileges, and Access Controls vulnerability in Novell Client for Windows 4.91Sp4 Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. | 6.9 |
2008-06-18 | CVE-2008-0925 | Cross-Site Scripting vulnerability in Novell Edirectory Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." | 4.3 |
2008-06-13 | CVE-2008-2704 | Improper Input Validation vulnerability in Novell Groupwise Messenger Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. | 5.0 |
2008-04-14 | CVE-2008-1777 | Resource Management Errors vulnerability in Novell Edirectory 8.8.2 The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. | 5.0 |
2008-04-14 | CVE-2008-0927 | Resource Management Errors vulnerability in Microsoft Windows-Nt 2000/2003 dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. | 5.0 |
2008-04-08 | CVE-2008-1701 | Denial Of Service vulnerability in Novell Iprint 6.5 Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. | 5.0 |
2008-03-28 | CVE-2008-0924 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. | 6.8 |
2008-01-31 | CVE-2008-0525 | Link Following vulnerability in multiple products PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. | 4.6 |
2008-01-04 | CVE-2007-6625 | USE of Externally-Controlled Format String vulnerability in Novell Identity Manager 3.5.1 The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. | 5.0 |
2007-12-10 | CVE-2007-6302 | Buffer Errors vulnerability in Novell Netmail 3.5.2 Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162." | 6.8 |