Filtered by vendor Novell
Subscribe
Total
670 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0780 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
CVE-2016-5762 | 1 Novell | 1 Groupwise | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. | |||||
CVE-2017-7430 | 2 Netiq, Novell | 2 Imanager, Imanager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | |||||
CVE-2016-9167 | 1 Novell | 1 Edirectory | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | |||||
CVE-2010-4314 | 2 Microsoft, Novell | 4 Windows 7, Windows Vista, Windows Xp and 1 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. | |||||
CVE-2016-9169 | 1 Novell | 1 Groupwise | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. | |||||
CVE-2016-5747 | 1 Novell | 1 Edirectory | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | |||||
CVE-2016-5763 | 1 Novell | 2 Open Enterprise Server 11, Open Enterprise Server 2015 | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989) might allow authenticated remote attackers to perform unauthorized file access and modification. | |||||
CVE-2015-7976 | 4 Novell, Ntp, Opensuse and 1 more | 10 Suse Openstack Cloud, Ntp, Leap and 7 more | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. | |||||
CVE-2016-5761 | 1 Novell | 1 Groupwise | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. | |||||
CVE-2017-7995 | 3 Novell, Suse, Xen | 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more | 2023-12-10 | 1.7 LOW | 3.8 LOW |
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. | |||||
CVE-2016-1603 | 1 Novell | 1 Netiq Idm Servicenow Driver | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | |||||
CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | |||||
CVE-2017-7431 | 2 Netiq, Novell | 2 Imanager, Imanager | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | |||||
CVE-2016-5760 | 1 Novell | 1 Groupwise | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. | |||||
CVE-2016-9168 | 1 Novell | 1 Edirectory | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. | |||||
CVE-2014-9853 | 6 Canonical, Imagemagick, Novell and 3 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||||
CVE-2017-7432 | 2 Netiq, Novell | 2 Imanager, Imanager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. | |||||
CVE-2017-5182 | 1 Novell | 1 Open Enterprise Server | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). |