Filtered by vendor Novell
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0779 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. | |||||
| CVE-2015-0780 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-0785 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | |||||
| CVE-2015-0784 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | |||||
| CVE-2011-2656 | 1 Novell | 1 Zenworks Handheld Management | 2023-11-07 | 9.3 HIGH | N/A |
| Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2655. | |||||
| CVE-2011-2655 | 1 Novell | 1 Zenworks Handheld Management | 2023-11-07 | 9.3 HIGH | N/A |
| Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656. | |||||
| CVE-2010-4314 | 2 Microsoft, Novell | 4 Windows 7, Windows Vista, Windows Xp and 1 more | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. | |||||
| CVE-2009-2707 | 1 Novell | 1 Suse Linux Enterprise Server | 2023-11-07 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application. | |||||
| CVE-2007-6716 | 6 Canonical, Debian, Linux and 3 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2023-11-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. | |||||
| CVE-2000-0793 | 2 Novell, Symantec | 2 Client, Norton Antivirus | 2023-11-07 | 10.0 HIGH | N/A |
| Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system. | |||||
| CVE-2000-0669 | 1 Novell | 1 Netware | 2023-11-07 | 5.0 MEDIUM | N/A |
| Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. | |||||
| CVE-2000-0651 | 1 Novell | 1 Bordermanager | 2023-11-07 | 7.5 HIGH | N/A |
| The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine. | |||||
| CVE-2000-0257 | 1 Novell | 1 Netware | 2023-11-07 | 7.5 HIGH | N/A |
| Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. | |||||
| CVE-1999-0265 | 2 Microware, Novell | 2 Os-9, Netware | 2023-11-07 | 5.0 MEDIUM | N/A |
| ICMP redirect messages may crash or lock up a host. | |||||
| CVE-2015-8816 | 3 Linux, Novell, Suse | 11 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 8 more | 2023-11-01 | 7.2 HIGH | 6.8 MEDIUM |
| The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. | |||||
| CVE-2019-9811 | 4 Debian, Mozilla, Novell and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2023-02-28 | 5.1 MEDIUM | 8.3 HIGH |
| As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-11717 | 4 Debian, Mozilla, Novell and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2023-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2012-6657 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2023-02-13 | 4.9 MEDIUM | N/A |
| The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. | |||||
| CVE-2010-2068 | 4 Apache, Ibm, Microsoft and 1 more | 4 Http Server, Os2, Windows and 1 more | 2023-02-13 | 5.0 MEDIUM | N/A |
| mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. | |||||
| CVE-2008-2812 | 7 Avaya, Canonical, Debian and 4 more | 15 Communication Manager, Expanded Meet-me Conferencing, Intuity Audix Lx and 12 more | 2023-02-13 | 7.2 HIGH | 7.8 HIGH |
| The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. | |||||