Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Novell Subscribe
Total 670 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3014 1 Novell 2 Data Synchronizer, Mobility Pack 2017-08-28 5.0 MEDIUM N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
CVE-2011-2650 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display.
CVE-2011-2655 1 Novell 1 Zenworks Handheld Management 2017-08-28 9.3 HIGH N/A
Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656.
CVE-2011-2645 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2017-08-28 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM.
CVE-2011-2226 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.
CVE-2011-2644 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
CVE-2011-2646 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2017-08-28 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files.
CVE-2011-2647 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2017-08-28 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files.
CVE-2015-0783 1 Novell 1 Zenworks Configuration Management 2017-08-19 4.0 MEDIUM 6.5 MEDIUM
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
CVE-2015-0786 1 Novell 1 Zenworks Configuration Management 2017-08-18 10.0 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-0785 1 Novell 1 Zenworks Configuration Management 2017-08-18 5.0 MEDIUM 7.5 HIGH
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
CVE-2015-0784 1 Novell 1 Zenworks Configuration Management 2017-08-18 5.0 MEDIUM 7.5 HIGH
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
CVE-2015-0782 1 Novell 1 Zenworks Configuration Management 2017-08-18 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0780 1 Novell 1 Zenworks Configuration Management 2017-08-18 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0781 1 Novell 1 Zenworks Configuration Management 2017-08-18 7.5 HIGH 9.8 CRITICAL
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.
CVE-2011-1551 1 Novell 1 Opensuse Factory 2017-08-16 6.9 MEDIUM N/A
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
CVE-2011-1711 1 Novell 2 Data Synchronizer, Mobility Pack 2017-08-16 5.5 MEDIUM N/A
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors.
CVE-2011-0464 1 Novell 1 Vibe Onprem 2017-08-16 10.0 HIGH N/A
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2011-0990 2 Mono, Novell 2 Mono, Moonlight 2017-08-16 5.8 MEDIUM N/A
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
CVE-2010-4326 1 Novell 1 Groupwise 2017-08-16 10.0 HIGH N/A
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message.