Filtered by vendor Novell
Subscribe
Total
671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4324 | 1 Novell | 2 Identity Manager, Identity Manager Roles Based Provisioning Module | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4323 | 1 Novell | 1 Zenworks Configuration Manager | 2024-11-21 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request. | |||||
| CVE-2010-4322 | 1 Novell | 1 Vibe Onprem | 2024-11-21 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field. | |||||
| CVE-2010-4321 | 1 Novell | 1 Iprint Client | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method. | |||||
| CVE-2010-4314 | 2 Microsoft, Novell | 4 Windows 7, Windows Vista, Windows Xp and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. | |||||
| CVE-2010-4299 | 1 Novell | 1 Zenworks Handheld Management | 2024-11-21 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400. | |||||
| CVE-2010-4254 | 2 Mono, Novell | 2 Mono, Moonlight | 2024-11-21 | 7.5 HIGH | N/A |
| Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | |||||
| CVE-2010-4229 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request. | |||||
| CVE-2010-4228 | 1 Novell | 1 Netware | 2024-11-21 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4. | |||||
| CVE-2010-4227 | 1 Novell | 1 Netware | 2024-11-21 | 10.0 HIGH | N/A |
| The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow. | |||||
| CVE-2010-3912 | 1 Novell | 1 Suse Linux | 2024-11-21 | 10.0 HIGH | N/A |
| The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | |||||
| CVE-2010-3264 | 1 Novell | 1 Identity Manager | 2024-11-21 | 2.1 LOW | N/A |
| The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2010-3110 | 2 Novell, Opensuse | 2 Suse Linux, Opensuse | 2024-11-21 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-3109 | 1 Novell | 1 Iprint | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter. | |||||
| CVE-2010-3108 | 1 Novell | 1 Iprint | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names. | |||||
| CVE-2010-3107 | 1 Novell | 1 Iprint | 2024-11-21 | 7.1 HIGH | N/A |
| A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module. | |||||
| CVE-2010-3106 | 1 Novell | 1 Iprint | 2024-11-21 | 9.3 HIGH | N/A |
| The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method. | |||||
| CVE-2010-3105 | 1 Novell | 1 Iprint | 2024-11-21 | 9.3 HIGH | N/A |
| The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2779 | 1 Novell | 1 Groupwise | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies." | |||||
| CVE-2010-2778 | 1 Novell | 1 Groupwise | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit." | |||||