Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Total 671 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4480 1 Novell 1 Edirectory 2024-11-21 10.0 HIGH N/A
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.
CVE-2008-4479 1 Novell 1 Edirectory 2024-11-21 10.0 HIGH N/A
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.
CVE-2008-4478 1 Novell 1 Edirectory 2024-11-21 10.0 HIGH N/A
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.
CVE-2008-4047 1 Novell 1 Novell Forum 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515.
CVE-2008-3501 1 Novell 1 Groupwise 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3488 1 Novell 1 Imanager 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.
CVE-2008-3159 1 Novell 1 Edirectory 2024-11-21 10.0 HIGH N/A
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."
CVE-2008-3158 1 Novell 1 Novell Client For Windows 2024-11-21 6.9 MEDIUM N/A
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
CVE-2008-2931 5 Canonical, Debian, Linux and 2 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2024-11-21 7.2 HIGH 7.8 HIGH
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
CVE-2008-2908 1 Novell 1 Iprint Client 2024-11-21 9.3 HIGH N/A
Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-2812 7 Avaya, Canonical, Debian and 4 more 15 Communication Manager, Expanded Meet-me Conferencing, Intuity Audix Lx and 12 more 2024-11-21 7.2 HIGH 7.8 HIGH
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
CVE-2008-2704 1 Novell 1 Groupwise Messenger 2024-11-21 5.0 MEDIUM N/A
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2008-2703 1 Novell 1 Groupwise Messenger 2024-11-21 10.0 HIGH N/A
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
CVE-2008-2436 1 Novell 1 Iprint Client 2024-11-21 9.3 HIGH N/A
Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.
CVE-2008-2432 1 Novell 1 Iprint 2024-11-21 5.0 MEDIUM N/A
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.
CVE-2008-2431 1 Novell 1 Iprint 2024-11-21 9.3 HIGH N/A
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method.
CVE-2008-2145 1 Novell 1 Client 2024-11-21 7.2 HIGH N/A
Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog.
CVE-2008-2112 3 Novell, Redhat, Sun 4 Suse Linux Enterprise Server, Enterprise Linux, Ray Server Software and 1 more 2024-11-21 8.5 HIGH N/A
Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.
CVE-2008-2069 1 Novell 1 Groupwise 2024-11-21 9.3 HIGH N/A
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
CVE-2008-2025 3 Apache, Novell, Opensuse 3 Struts, Suse Linux, Opensuse 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."