Every CVE whose affected-product data names Novell Groupwise, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (74)
CVE-2009-1636 — CVSS 10.0 (critical): Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow…
CVE-2003-1551 — CVSS 10.0 (critical): Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious…
CVE-2011-2663 — CVSS 10.0 (critical): Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code…
CVE-2011-2662 — CVSS 10.0 (critical): Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary…
CVE-2011-0334 — CVSS 10.0 (critical): Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to…
CVE-2011-0333 — CVSS 10.0 (critical): Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell…
CVE-2007-2171 — CVSS 10.0 (critical): Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote…
CVE-2010-4714 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP…
CVE-2010-4713 — CVSS 10.0 (critical): Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to…
CVE-2010-4712 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote…
CVE-2010-4711 — CVSS 10.0 (critical): Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote…
CVE-2010-4326 — CVSS 10.0 (critical): Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to…
CVE-2010-4325 — CVSS 10.0 (critical): Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute…
CVE-2009-0410 — CVSS 10.0 (critical): Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0…
CVE-2014-0610 — CVSS 10.0 (critical): The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute…
CVE-2013-0804 — CVSS 10.0 (critical): The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a…
CVE-2012-0417 — CVSS 10.0 (critical): Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows…
CVE-2012-0271 — CVSS 10.0 (critical): Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and…
CVE-2016-5762 — CVSS 9.8 (critical): Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to…
CVE-2012-0418 — CVSS 9.3 (critical): Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows…
CVE-2012-0439 — CVSS 9.3 (critical): An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to…
CVE-2007-6435 — CVSS 9.3 (critical): Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers…
CVE-2008-2069 — CVSS 9.3 (critical): Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in…
CVE-2010-2777 — CVSS 9.0 (critical): Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF…
CVE-2014-0600 — CVSS 7.8 (high): FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary…
CVE-2011-4189 — CVSS 7.5 (high): The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap…
CVE-2002-1088 — CVSS 7.5 (high): Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
CVE-2001-1195 — CVSS 7.5 (high): Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote…
CVE-2005-2346 — CVSS 7.5 (high): Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a…
CVE-2009-1634 — CVSS 7.5 (high): The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management…
CVE-2010-4717 — CVSS 6.5 (medium): Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP…
CVE-2016-5761 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject…
CVE-2016-5760 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot…
CVE-2016-9169 — CVSS 6.1 (medium): A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot…
CVE-2000-0146 — CVSS 5.0 (medium): The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to…
CVE-2009-3863 — CVSS 5.0 (medium): Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of…
CVE-2009-0274 — CVSS 5.0 (medium): Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to…
CVE-2010-4715 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before…
CVE-1999-1005 — CVSS 5.0 (medium): Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the…
CVE-2006-3268 — CVSS 5.0 (medium): Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic…
CVE-2011-2218 — CVSS 5.0 (medium): Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial…
CVE-2011-2219 — CVSS 5.0 (medium): Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial…
CVE-2005-2804 — CVSS 5.0 (medium): Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial…
CVE-2005-2620 — CVSS 5.0 (medium): grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the…
CVE-2005-0296 — CVSS 5.0 (medium): NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not…
CVE-2002-0341 — CVSS 5.0 (medium): GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web…
CVE-2012-0410 — CVSS 5.0 (medium): Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the…
CVE-2001-1458 — CVSS 5.0 (medium): Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for…
CVE-2012-0419 — CVSS 5.0 (medium): Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1…
CVE-2001-1232 — CVSS 5.0 (medium): GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request…
CVE-2001-1231 — CVSS 5.0 (medium): GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting…
CVE-2001-0355 — CVSS 5.0 (medium): Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
CVE-1999-1006 — CVSS 5.0 (medium): Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.
CVE-2002-0303 — CVSS 4.6 (medium): GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of…
CVE-2013-1086 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to…
CVE-2013-1087 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows…
CVE-2010-2779 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary…
CVE-2012-0272 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers…
CVE-2008-3501 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject…
CVE-2007-3571 — CVSS 4.3 (medium): The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain…
CVE-2007-2513 — CVSS 4.3 (medium): Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a…
CVE-2009-4662 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows…
CVE-2010-4716 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject…
CVE-2009-1635 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0…
CVE-2011-3827 — CVSS 4.3 (medium): The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote…
CVE-2006-4220 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow…
CVE-2009-1762 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2…
CVE-2014-0611 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support…
CVE-2010-2778 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote…
CVE-2011-2661 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject…
CVE-2012-4912 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support…
CVE-2008-1330 — CVSS 3.5 (low): Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote…