Filtered by vendor Novell
Subscribe
Total
670 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-3014 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2017-08-28 | 5.0 MEDIUM | N/A |
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
CVE-2011-2650 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display. | |||||
CVE-2011-2655 | 1 Novell | 1 Zenworks Handheld Management | 2017-08-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656. | |||||
CVE-2011-2645 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM. | |||||
CVE-2011-2226 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing. | |||||
CVE-2011-2644 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display. | |||||
CVE-2011-2646 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files. | |||||
CVE-2011-2647 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files. | |||||
CVE-2015-0783 | 1 Novell | 1 Zenworks Configuration Management | 2017-08-19 | 4.0 MEDIUM | 6.5 MEDIUM |
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | |||||
CVE-2015-0786 | 1 Novell | 1 Zenworks Configuration Management | 2017-08-18 | 10.0 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-0785 | 1 Novell | 1 Zenworks Configuration Management | 2017-08-18 | 5.0 MEDIUM | 7.5 HIGH |
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | |||||
CVE-2015-0784 | 1 Novell | 1 Zenworks Configuration Management | 2017-08-18 | 5.0 MEDIUM | 7.5 HIGH |
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | |||||
CVE-2015-0782 | 1 Novell | 1 Zenworks Configuration Management | 2017-08-18 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-0780 | 1 Novell | 1 Zenworks Configuration Management | 2017-08-18 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2017-08-18 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
CVE-2011-1551 | 1 Novell | 1 Opensuse Factory | 2017-08-16 | 6.9 MEDIUM | N/A |
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon. | |||||
CVE-2011-1711 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2017-08-16 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors. | |||||
CVE-2011-0464 | 1 Novell | 1 Vibe Onprem | 2017-08-16 | 10.0 HIGH | N/A |
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2011-0990 | 2 Mono, Novell | 2 Mono, Moonlight | 2017-08-16 | 5.8 MEDIUM | N/A |
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. | |||||
CVE-2010-4326 | 1 Novell | 1 Groupwise | 2017-08-16 | 10.0 HIGH | N/A |
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message. |