Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1085 | 1 Novell | 2 Groupwise Messenger, Messenger | 2024-11-21 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. | |||||
CVE-2011-3179 | 1 Novell | 2 Groupwise Messenger, Messenger | 2024-11-21 | 5.0 MEDIUM | N/A |
The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command. | |||||
CVE-2008-2704 | 1 Novell | 1 Groupwise Messenger | 2024-11-21 | 5.0 MEDIUM | N/A |
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
CVE-2008-2703 | 1 Novell | 1 Groupwise Messenger | 2024-11-21 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name. | |||||
CVE-2006-4511 | 1 Novell | 1 Groupwise Messenger | 2024-11-21 | 5.0 MEDIUM | N/A |
Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." | |||||
CVE-2006-0992 | 1 Novell | 1 Groupwise Messenger | 2024-11-21 | 10.0 HIGH | N/A |
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier. |