Filtered by vendor Novell
Subscriptions
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-0995 | 2 Novell, Rubyforge | 2 Suse Linux Enterprise, Rubygem-sqlite3 | 2025-04-11 | N/A |
| The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | ||||
| CVE-2013-6344 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
| The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors. | ||||
| CVE-2011-0992 | 2 Mono, Novell | 2 Mono, Moonlight | 2025-04-11 | N/A |
| Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. | ||||
| CVE-2010-4327 | 1 Novell | 1 Edirectory | 2025-04-11 | N/A |
| Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. | ||||
| CVE-2013-6345 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
| Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception." | ||||
| CVE-2010-4254 | 2 Mono, Novell | 2 Mono, Moonlight | 2025-04-11 | N/A |
| Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | ||||
| CVE-2013-6347 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
| Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2013-6346 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-1087 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. | ||||
| CVE-2013-4419 | 4 Libguestfs, Novell, Redhat and 1 more | 4 Libguestfs, Suse Linux Enterprise Server, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. | ||||
| CVE-2013-1093 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
| Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. | ||||
| CVE-2013-3710 | 1 Novell | 1 Suse Lifecycle Management Server | 2025-04-11 | N/A |
| SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. | ||||
| CVE-2013-3709 | 2 Novell, Suse | 3 Suse Lifecycle Management Server, Studio Onsite, Webyast | 2025-04-11 | N/A |
| WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. | ||||
| CVE-2013-3708 | 1 Novell | 1 Iprint | 2025-04-11 | N/A |
| The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2013-1085 | 1 Novell | 2 Groupwise Messenger, Messenger | 2025-04-11 | N/A |
| Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. | ||||
| CVE-2013-1096 | 1 Novell | 1 Identity Manager Roles Based Provisioning Module | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId. | ||||
| CVE-2013-3705 | 1 Novell | 1 Client | 2025-04-11 | N/A |
| The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. | ||||
| CVE-2013-3697 | 2 Microsoft, Novell | 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more | 2025-04-11 | N/A |
| Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. | ||||
| CVE-2013-3567 | 5 Canonical, Novell, Puppet and 2 more | 7 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 4 more | 2025-04-11 | N/A |
| Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. | ||||
| CVE-2011-3174 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
| Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter. | ||||