CVE-2016-4997

Public exploit
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-07-03
Updated
2023-09-12

CVE-2016-1593

Public exploit
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Max CVSS
7.2
EPSS Score
88.13%
Published
2016-04-22
Updated
2018-10-09

CVE-2013-3956

Public exploit
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
Max CVSS
7.2
EPSS Score
0.46%
Published
2013-07-31
Updated
2013-08-22

CVE-2013-1081

Public exploit
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
Max CVSS
7.5
EPSS Score
94.36%
Published
2013-03-11
Updated
2013-03-18

CVE-2012-4958

Public exploit
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Max CVSS
7.8
EPSS Score
95.27%
Published
2012-11-18
Updated
2012-11-19

CVE-2012-4957

Public exploit
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
Max CVSS
7.8
EPSS Score
95.81%
Published
2012-11-18
Updated
2012-11-19

CVE-2012-4933

Public exploit
The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
Max CVSS
7.8
EPSS Score
97.12%
Published
2012-10-20
Updated
2017-08-29

CVE-2009-4655

Public exploit
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
Max CVSS
7.5
EPSS Score
6.74%
Published
2010-02-26
Updated
2017-08-17

CVE-2008-0926

Public exploit
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
Max CVSS
7.5
EPSS Score
34.62%
Published
2008-03-28
Updated
2018-10-15

CVE-2006-5478

Public exploit
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
Max CVSS
7.5
EPSS Score
95.58%
Published
2006-10-24
Updated
2018-10-17

CVE-2005-3314

Public exploit
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."
Max CVSS
7.5
EPSS Score
85.32%
Published
2005-11-18
Updated
2017-07-11

CVE-2005-2551

Public exploit
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
Max CVSS
7.5
EPSS Score
93.05%
Published
2005-08-12
Updated
2008-09-05

CVE-2005-1543

Public exploit
Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests.
Max CVSS
7.5
EPSS Score
95.67%
Published
2005-05-25
Updated
2017-07-11
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
Max CVSS
7.8
EPSS Score
0.06%
Published
2017-06-19
Updated
2020-10-15
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
Max CVSS
7.8
EPSS Score
7.14%
Published
2017-10-03
Updated
2018-05-11
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
Max CVSS
7.5
EPSS Score
64.79%
Published
2017-10-03
Updated
2018-05-11
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
Max CVSS
7.5
EPSS Score
0.18%
Published
2018-03-02
Updated
2019-10-09
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
Max CVSS
7.5
EPSS Score
0.23%
Published
2018-03-02
Updated
2019-10-09
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
Max CVSS
7.5
EPSS Score
0.84%
Published
2017-04-27
Updated
2019-10-03
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).
Max CVSS
7.8
EPSS Score
1.75%
Published
2017-01-23
Updated
2020-02-24
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.
Max CVSS
7.5
EPSS Score
0.12%
Published
2017-03-23
Updated
2017-04-05
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Max CVSS
7.5
EPSS Score
42.75%
Published
2016-09-26
Updated
2022-08-16
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Max CVSS
7.8
EPSS Score
41.94%
Published
2016-09-26
Updated
2022-12-13
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-27
Updated
2023-01-17
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-27
Updated
2023-01-17
145 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!