Filtered by vendor Novell
Subscribe
Search
Total
542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1096 | 1 Novell | 1 Identity Manager Roles Based Provisioning Module | 2015-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId. | |||||
| CVE-2015-0779 | 1 Novell | 1 Zenworks Configuration Management | 2015-06-08 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. | |||||
| CVE-2010-5323 | 1 Novell | 1 Zenworks Configuration Management | 2015-06-08 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. | |||||
| CVE-2015-1565 | 4 Hitachi, Microsoft, Novell and 1 more | 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more | 2015-02-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0592 | 2 Crowbar, Novell | 2 Barclamp, Suse Cloud | 2014-04-04 | 7.5 HIGH | N/A |
| Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs. | |||||
| CVE-2012-0434 | 1 Novell | 1 Suse Cloud | 2014-03-04 | 10.0 HIGH | N/A |
| The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors. | |||||
| CVE-2012-0414 | 1 Novell | 2 Suse Linux, Suse Manager | 2014-03-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name. | |||||
| CVE-2013-3708 | 1 Novell | 1 Iprint | 2014-02-27 | 5.0 MEDIUM | N/A |
| The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2013-3709 | 2 Novell, Suse | 3 Suse Lifecycle Management Server, Studio Onsite, Webyast | 2014-01-14 | 7.2 HIGH | N/A |
| WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. | |||||
| CVE-2013-3705 | 1 Novell | 1 Client | 2013-12-23 | 4.9 MEDIUM | N/A |
| The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. | |||||
| CVE-2013-1080 | 1 Novell | 1 Zenworks Configuration Management | 2013-12-13 | 10.0 HIGH | N/A |
| The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | |||||
| CVE-2013-3710 | 1 Novell | 1 Suse Lifecycle Management Server | 2013-12-12 | 4.3 MEDIUM | N/A |
| SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. | |||||
| CVE-2012-0426 | 1 Novell | 1 Suse Linux Enterprise For Sap Applications | 2013-12-03 | 7.2 HIGH | N/A |
| Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory. | |||||
| CVE-2013-1084 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/. | |||||
| CVE-2013-1097 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. | |||||
| CVE-2013-1093 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-07 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. | |||||
| CVE-2013-1094 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. | |||||
| CVE-2013-1095 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. | |||||
| CVE-2013-6344 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-05 | 4.3 MEDIUM | N/A |
| The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors. | |||||
| CVE-2013-6345 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception." | |||||
| CVE-2013-6346 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-6347 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-04 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2013-3704 | 1 Novell | 1 Libzypp | 2013-10-29 | 4.3 MEDIUM | N/A |
| The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key. | |||||
| CVE-2013-3956 | 2 Microsoft, Novell | 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more | 2013-08-22 | 7.2 HIGH | N/A |
| The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. | |||||
| CVE-2013-3697 | 2 Microsoft, Novell | 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more | 2013-07-31 | 7.2 HIGH | N/A |
| Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. | |||||
| CVE-2013-1087 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2013-07-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. | |||||
| CVE-2013-1088 | 1 Novell | 1 Imanager | 2013-05-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. | |||||
| CVE-2013-1092 | 1 Novell | 1 Zenworks Desktop Management | 2013-05-06 | 7.2 HIGH | N/A |
| Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. | |||||
| CVE-2012-4956 | 1 Novell | 1 File Reporter | 2013-05-03 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record. | |||||
| CVE-2012-0419 | 1 Novell | 1 Groupwise | 2013-04-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. | |||||
| CVE-2011-3827 | 1 Novell | 1 Groupwise | 2013-04-05 | 4.3 MEDIUM | N/A |
| The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment. | |||||
| CVE-2013-1079 | 1 Novell | 1 Zenworks Configuration Management | 2013-04-02 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. | |||||
| CVE-2013-1083 | 1 Novell | 1 Identity Manager Roles Based Provisioning Module | 2013-04-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors. | |||||
| CVE-2012-0271 | 1 Novell | 1 Groupwise | 2013-04-02 | 10.0 HIGH | N/A |
| Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header. | |||||
| CVE-2012-0410 | 1 Novell | 1 Groupwise | 2013-04-02 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | |||||
| CVE-2013-1082 | 1 Novell | 1 Zenworks Mobile Management | 2013-03-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. | |||||
| CVE-2013-1085 | 1 Novell | 2 Groupwise Messenger, Messenger | 2013-03-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. | |||||
| CVE-2013-1081 | 1 Novell | 1 Zenworks Mobile Management | 2013-03-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. | |||||
| CVE-2013-0804 | 1 Novell | 1 Groupwise | 2013-02-25 | 10.0 HIGH | N/A |
| The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. | |||||
| CVE-2012-0439 | 1 Novell | 1 Groupwise | 2013-02-25 | 9.3 HIGH | N/A |
| An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. | |||||
| CVE-2012-0418 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2013-02-14 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2012-0272 | 1 Novell | 1 Groupwise | 2013-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter. | |||||
| CVE-2012-0417 | 1 Novell | 1 Groupwise | 2013-02-14 | 10.0 HIGH | N/A |
| Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-4912 | 1 Novell | 1 Groupwise | 2013-02-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message. | |||||
| CVE-2012-0411 | 1 Novell | 1 Iprint | 2013-01-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action. | |||||
| CVE-2012-4959 | 1 Novell | 1 File Reporter | 2012-11-19 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. | |||||
| CVE-2012-4958 | 1 Novell | 1 File Reporter | 2012-11-19 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. | |||||
| CVE-2012-4957 | 1 Novell | 1 File Reporter | 2012-11-19 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. | |||||
| CVE-2008-5092 | 1 Novell | 1 Edirectory | 2012-10-31 | 10.0 HIGH | N/A |
| Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. | |||||
| CVE-2008-5094 | 1 Novell | 1 Edirectory | 2012-10-31 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. | |||||