Filtered by vendor Novell
Subscribe
Total
671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1086 | 1 Novell | 1 Groupwise | 2017-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. | |||||
| CVE-2014-0610 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2017-08-29 | 10.0 HIGH | N/A |
| The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | |||||
| CVE-2013-7042 | 1 Novell | 1 Suse Lifecycle Management Server | 2017-08-29 | 4.6 MEDIUM | N/A |
| SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2013-3268 | 1 Novell | 1 Imanager | 2017-08-29 | 10.0 HIGH | N/A |
| Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. | |||||
| CVE-2012-5938 | 3 Conectiva, Ibm, Novell | 3 Linux, Infosphere Information Server, Unixware | 2017-08-29 | 7.2 HIGH | N/A |
| The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
| CVE-2012-4933 | 1 Novell | 1 Zenworks Asset Management | 2017-08-29 | 7.8 HIGH | N/A |
| The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. | |||||
| CVE-2012-2215 | 1 Novell | 1 Zenworks Configuration Management | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. | |||||
| CVE-2011-5028 | 1 Novell | 1 Sentinel Log Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2011-3014 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2011-3013 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2017-08-29 | 5.0 MEDIUM | N/A |
| WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2011-2652 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file. | |||||
| CVE-2011-2651 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename. | |||||
| CVE-2011-2650 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display. | |||||
| CVE-2011-2649 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 7.5 HIGH | N/A |
| Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call. | |||||
| CVE-2011-2648 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a filter in a modified file. | |||||
| CVE-2011-2647 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files. | |||||
| CVE-2011-2646 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files. | |||||
| CVE-2011-2645 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM. | |||||
| CVE-2011-2644 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display. | |||||
| CVE-2011-2226 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing. | |||||