Netware@* Security Vulnerabilities and Issues — Netware@* CVE List

Lucene search

NovellNetware*

13 matches found

CVE•added 2010/04/05 3:30 p.m.•51 views

CVE-2004-2767

NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session.

4.3CVSS6.9AI score0.00658EPSS

CVE•added 2002/03/09 5:0 a.m.•47 views

CVE-1999-1382

NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.

7.2CVSS6.9AI score0.00035EPSS

CVE•added 2010/04/05 3:30 p.m.•47 views

CVE-2002-2432

Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username.

5CVSS6.8AI score0.00704EPSS

CVE•added 2001/09/12 4:0 a.m.•45 views

CVE-1999-1086

Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.

10CVSS7.3AI score0.01402EPSS

CVE•added 2008/12/19 6:30 p.m.•45 views

CVE-2008-5696

Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.

9.3CVSS6.9AI score0.02493EPSS

CVE•added 2010/04/05 3:30 p.m.•44 views

CVE-2001-1587

NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.

5CVSS6.9AI score0.01349EPSS

CVE•added 2010/04/05 3:30 p.m.•44 views

CVE-2005-4888

NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed.

5CVSS6.9AI score0.00704EPSS

CVE•added 2010/04/05 3:30 p.m.•44 views

CVE-2007-6735

NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.

7.5CVSS6.8AI score0.00132EPSS

CVE•added 2002/03/09 5:0 a.m.•42 views

CVE-1999-1320

Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

4.6CVSS7AI score0.0003EPSS

CVE•added 2005/07/14 4:0 a.m.•40 views

CVE-2002-2083

The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.

2.1CVSS6.8AI score0.00031EPSS

CVE•added 2001/03/12 5:0 a.m.•36 views

CVE-1999-0805

Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.

5CVSS7AI score0.00717EPSS

CVE•added 2011/02/25 7:0 p.m.•35 views

CVE-2010-4227

The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.

10CVSS8AI score0.4353EPSS

CVE•added 2010/06/21 7:30 p.m.•34 views

CVE-2010-2351

Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.

10CVSS8.4AI score0.14485EPSS