CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14495 399 DoS 2017-10-02 2018-05-10
5.0
None Remote Low Not required None None Partial
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
2 CVE-2017-13704 20 2017-10-02 2018-05-10
5.0
None Remote Low Not required None None Partial
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
3 CVE-2017-9277 19 2018-03-02 2018-03-22
5.0
None Remote Low Not required None Partial None
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
4 CVE-2017-9267 310 2018-03-02 2018-03-19
5.0
None Remote Low Not required Partial None None
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
5 CVE-2016-9167 264 2017-03-23 2017-04-04
5.0
None Remote Low Not required None Partial None
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.
6 CVE-2016-7052 476 DoS 2016-09-26 2018-07-11
5.0
None Remote Low Not required None None Partial
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
7 CVE-2016-5747 284 Bypass 2017-03-23 2017-03-27
5.0
None Remote Low Not required Partial None None
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.
8 CVE-2016-4957 20 DoS 2016-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
9 CVE-2016-4956 19 DoS 2016-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
10 CVE-2016-4485 200 +Info 2016-05-23 2016-11-28
5.0
None Remote Low Not required Partial None None
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
11 CVE-2016-1610 22 Dir. Trav. Bypass 2016-07-31 2017-09-02
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
12 CVE-2016-1286 20 DoS 2016-03-09 2017-11-20
5.0
None Remote Low Not required None None Partial
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
13 CVE-2016-0376 Exec Code Bypass 2016-06-03 2018-10-09
5.1
None Remote High Not required Partial Partial Partial
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
14 CVE-2015-8921 125 DoS 2016-09-20 2018-01-04
5.0
None Remote Low Not required None None Partial
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
15 CVE-2015-8919 119 DoS Overflow 2016-09-20 2018-01-04
5.0
None Remote Low Not required None None Partial
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
16 CVE-2015-8918 119 DoS Overflow 2016-09-20 2017-06-30
5.0
None Remote Low Not required None None Partial
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
17 CVE-2015-8550 284 DoS +Priv 2016-04-14 2017-11-03
5.7
None Local Low Single system Partial Partial Complete
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
18 CVE-2015-5970 94 2016-02-18 2016-03-10
5.0
None Remote Low Not required Partial None None
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.
19 CVE-2015-5219 704 DoS 2017-07-21 2018-10-30
5.0
None Remote Low Not required None None Partial
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
20 CVE-2015-3044 200 Bypass +Info 2015-04-14 2018-10-30
5.0
None Remote Low Not required Partial None None
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
21 CVE-2015-2568 2015-04-16 2018-01-04
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
22 CVE-2015-0785 200 +Info 2017-08-09 2017-08-18
5.0
None Remote Low Not required Partial None None
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
23 CVE-2015-0784 200 +Info 2017-08-09 2017-08-18
5.0
None Remote Low Not required Partial None None
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
24 CVE-2015-0410 2015-01-21 2018-10-30
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
25 CVE-2015-0406 2015-01-21 2017-09-07
5.8
None Remote Medium Not required Partial None Partial
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
26 CVE-2015-0400 2015-01-21 2018-10-30
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
27 CVE-2015-0383 2015-01-21 2018-10-30
5.4
None Local Medium Not required None Partial Complete
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
28 CVE-2013-3708 DoS 2013-11-30 2014-02-27
5.0
None Remote Low Not required None None Partial
The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors.
29 CVE-2013-3706 22 Dir. Trav. 2014-03-06 2016-12-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595.
30 CVE-2013-2770 20 2013-04-07 2013-04-09
5.8
None Remote Medium Not required Partial Partial None
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.
31 CVE-2013-1093 20 2013-06-17 2013-11-06
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.
32 CVE-2013-1084 22 Dir. Trav. 2013-11-02 2013-11-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/.
33 CVE-2012-2215 22 Dir. Trav. 2012-04-09 2017-08-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
34 CVE-2012-0419 22 Dir. Trav. 2012-09-28 2013-04-04
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
35 CVE-2012-0410 22 Dir. Trav. 2012-07-05 2013-04-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.
36 CVE-2011-3179 200 +Info 2011-12-08 2012-03-05
5.0
None Remote Low Not required Partial None None
The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command.
37 CVE-2011-3014 264 +Info 2011-08-09 2017-08-28
5.0
None Remote Low Not required Partial None None
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
38 CVE-2011-3013 310 2011-08-09 2017-08-28
5.0
None Remote Low Not required Partial None None
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack.
39 CVE-2011-2750 399 2011-07-17 2018-10-09
5.0
None Remote Low Not required None None Partial
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
40 CVE-2011-2223 310 +Info 2011-08-09 2015-10-29
5.0
None Remote Low Not required Partial None None
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
41 CVE-2011-2221 264 Bypass +Info 2011-08-09 2015-10-29
5.0
None Remote Low Not required Partial None None
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
42 CVE-2011-2219 DoS 2011-10-07 2012-05-14
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218.
43 CVE-2011-2218 DoS 2011-10-07 2012-05-14
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219.
44 CVE-2011-1711 2011-06-08 2017-08-16
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors.
45 CVE-2011-0992 399 DoS +Info 2011-04-13 2017-08-16
5.8
None Remote Medium Not required Partial None Partial
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
46 CVE-2011-0990 362 DoS Overflow 2011-04-13 2017-08-16
5.8
None Remote Medium Not required None Partial Partial
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
47 CVE-2011-0989 264 DoS 2011-04-13 2017-08-16
5.8
None Remote Medium Not required None Partial Partial
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
48 CVE-2010-4715 22 Dir. Trav. 2011-01-31 2011-02-16
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
49 CVE-2010-4327 DoS 2011-02-10 2018-10-10
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524.
50 CVE-2010-1930 189 1 DoS 2010-06-28 2018-10-10
5.0
None Remote Low Not required None None Partial
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.
Total number of vulnerabilities : 144   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.