CVEs (16)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
2Netiq Novell2Imanager ImanagerMay 13, 2026 May 3, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. |
2Netiq Novell2Imanager ImanagerMay 13, 2026 May 3, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. |
2Netiq Novell4Edirectory EdirectoryImanager+1 moreMay 13, 2026 Apr 27, 2017 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing...Show more |
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. |
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code...Show more |
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other im...Show more |
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. |
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated u...Show more |
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to...Show more |
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. |
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference. |
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN...Show more |
244d AppleAvaya+21 more65Aaa Server Access RegistrarApache Based Web Server+62 moreApr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a de...Show more |
234d AppleAvaya+20 more66Aaa Server Access RegistrarApache Based Web Server+63 moreApr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. |
234d AppleAvaya+20 more66Aaa Server Access RegistrarApache Based Web Server+63 moreApr 16, 2026 Nov 23, 2004 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. |