Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
Max CVSS: 6.1 | Published: 2017-05-03 | Updated: 2017-05-12 | EPSS: 0.33%
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.
Max CVSS: 6.1 | Published: 2017-03-23 | Updated: 2017-04-05 | EPSS: 0.11%
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.
Max CVSS: 6.5 | Published: 2017-03-23 | Updated: 2017-04-05 | EPSS: 0.17%
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
Max CVSS: 6.1 | Published: 2017-04-20 | Updated: 2019-05-30 | EPSS: 1.39%
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
Max CVSS: 6.1 | Published: 2017-04-20 | Updated: 2019-05-30 | EPSS: 2.66%
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Max CVSS: 6.2 | Published: 2016-05-23 | Updated: 2023-09-12 | EPSS: 0.13%
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
Max CVSS: 6.2 | Published: 2016-04-27 | Updated: 2023-09-12 | EPSS: 0.14%
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
Max CVSS: 6.5 | Published: 2017-03-23 | Updated: 2017-03-28 | EPSS: 0.08%
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
Max CVSS: 6.5 | Published: 2016-04-22 | Updated: 2018-10-09 | EPSS: 0.42%
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.
Max CVSS: 6.5 | Published: 2016-04-22 | Updated: 2018-10-09 | EPSS: 2.33%
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Max CVSS: 6.8 | Published: 2016-03-09 | Updated: 2023-11-30 | EPSS: 10.51%
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
Max CVSS: 6.5 | Published: 2016-09-20 | Updated: 2023-09-12 | EPSS: 2.74%
Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS: 6.1 | Published: 2016-03-18 | Updated: 2016-03-21 | EPSS: 0.31%
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
Max CVSS: 6.8 | Published: 2015-05-14 | Updated: 2023-09-12 | EPSS: 2.18%
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.
Max CVSS: 6.8 | Published: 2015-05-14 | Updated: 2023-09-12 | EPSS: 5.21%
Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.
Max CVSS: 6.2 | Published: 2016-04-27 | Updated: 2016-12-01 | EPSS: 0.12%
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
Max CVSS: 6.5 | Published: 2017-08-09 | Updated: 2017-08-19 | EPSS: 24.35%
Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process.
Max CVSS: 6.9 | Published: 2015-01-21 | Updated: 2022-05-13 | EPSS: 0.07%
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Max CVSS: 6.9 | Published: 2015-01-21 | Updated: 2022-05-13 | EPSS: 0.04%
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
Max CVSS: 6.8 | Published: 2013-11-02 | Updated: 2013-11-04 | EPSS: 0.44%
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS: 6.8 | Published: 2013-11-02 | Updated: 2013-11-04 | EPSS: 0.08%
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
Max CVSS: 6.8 | Published: 2013-11-05 | Updated: 2018-12-13 | EPSS: 0.10%
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
Max CVSS: 6.8 | Published: 2013-04-24 | Updated: 2013-05-16 | EPSS: 0.08%
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
Max CVSS: 6.8 | Published: 2013-03-29 | Updated: 2013-04-02 | EPSS: 1.94%
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
Max CVSS: 6.1 | Published: 2020-01-25 | Updated: 2020-01-27 | EPSS: 0.08%
49 vulnerabilities found