| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-3268 | 287 | | | 2013-04-24 | 2013-05-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. |
| 2 | CVE-2013-2770 | 20 | | | 2013-04-07 | 2013-04-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate. |
| 3 | CVE-2013-1927 | | | Exec Code | 2013-04-29 | 2013-06-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." |
| 4 | CVE-2013-1926 | | | +Info | 2013-04-29 | 2013-06-14 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. |
| 5 | CVE-2013-1846 | 119 | | DoS Overflow | 2013-05-02 | 2013-05-03 | 4.0 | None | Remote | Low | Single system | None | None | Partial | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. |
| 6 | CVE-2013-1845 | 119 | | DoS Overflow | 2013-05-02 | 2013-05-06 | 2.1 | None | Remote | High | Single system | None | None | Partial | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. |
| 7 | CVE-2013-1092 | | | +Priv | 2013-05-05 | 2013-05-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. |
| 8 | CVE-2013-1091 | 119 | | Exec Code Overflow | 2013-05-02 | 2013-05-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute arbitrary code via unspecified vectors. |
| 9 | CVE-2013-1088 | 352 | | CSRF | 2013-04-24 | 2013-05-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. |
| 10 | CVE-2013-1086 | 79 | | XSS | 2013-04-19 | 2013-04-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. |
| 11 | CVE-2013-1085 | 119 | | Exec Code Overflow | 2013-03-29 | 2013-03-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. |
| 12 | CVE-2013-1083 | | | | 2013-03-29 | 2013-04-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors. |
| 13 | CVE-2013-1082 | 22 | | Dir. Trav. | 2013-03-29 | 2013-03-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. |
| 14 | CVE-2013-1081 | 22 | | Dir. Trav. | 2013-03-11 | 2013-03-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. |
| 15 | CVE-2013-1080 | 287 | | Dir. Trav. | 2013-03-29 | 2013-04-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. |
| 16 | CVE-2013-1079 | 22 | | Dir. Trav. | 2013-03-29 | 2013-04-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. |
| 17 | CVE-2013-0804 | 78 | | DoS Exec Code | 2013-02-23 | 2013-02-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. |
| 18 | CVE-2013-0338 | 119 | | DoS Overflow | 2013-04-25 | 2013-04-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. |
| 19 | CVE-2013-0233 | 399 | 1 | Bypass | 2013-04-25 | 2013-05-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. |
| 20 | CVE-2012-6534 | 264 | | | 2013-03-29 | 2013-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action. |
| 21 | CVE-2012-6139 | | | DoS | 2013-04-12 | 2013-04-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. |
| 22 | CVE-2012-6093 | 310 | | | 2013-02-24 | 2013-02-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. |
| 23 | CVE-2012-4959 | 22 | | Dir. Trav. | 2012-11-18 | 2012-11-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. |
| 24 | CVE-2012-4958 | 22 | | Dir. Trav. | 2012-11-18 | 2012-11-19 | 7.8 | None | Remote | Low | Not required | Complete | None | None | Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. |
| 25 | CVE-2012-4957 | 22 | | Dir. Trav. | 2012-11-18 | 2012-11-19 | 7.8 | None | Remote | Low | Not required | Complete | None | None | Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. |
| 26 | CVE-2012-4956 | 119 | | Exec Code Overflow | 2012-11-18 | 2013-05-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record. |
| 27 | CVE-2012-4933 | 255 | | +Info | 2012-10-20 | 2013-02-13 | 7.8 | None | Remote | Low | Not required | Complete | None | None | The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. |
| 28 | CVE-2012-4912 | 79 | | XSS | 2012-09-28 | 2013-02-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message. |
| 29 | CVE-2012-2223 | 200 | | +Info | 2012-04-11 | 2012-04-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. |
| 30 | CVE-2012-2215 | 22 | | Dir. Trav. | 2012-04-09 | 2012-11-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. |
| 31 | CVE-2012-0439 | 94 | | Exec Code | 2013-02-23 | 2013-02-25 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. |
| 32 | CVE-2012-0421 | 200 | | +Info | 2012-08-08 | 2012-08-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. |
| 33 | CVE-2012-0419 | 22 | | Dir. Trav. | 2012-09-28 | 2013-04-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. |
| 34 | CVE-2012-0418 | | | Exec Code | 2012-09-28 | 2013-02-13 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file. |
| 35 | CVE-2012-0417 | 189 | | Exec Code Overflow | 2012-09-28 | 2013-02-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. |
| 36 | CVE-2012-0411 | | | Exec Code | 2012-12-24 | 2013-01-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action. |
| 37 | CVE-2012-0410 | 22 | | Dir. Trav. | 2012-07-05 | 2013-04-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. |
| 38 | CVE-2012-0272 | 79 | | XSS | 2012-09-19 | 2013-02-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter. |
| 39 | CVE-2012-0271 | 189 | | Exec Code Overflow | 2012-09-19 | 2013-04-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header. |
| 40 | CVE-2011-5028 | 22 | | Dir. Trav. | 2011-12-29 | 2013-02-14 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. |
| 41 | CVE-2011-4194 | 119 | | Exec Code Overflow | 2012-02-01 | 2012-02-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field. |
| 42 | CVE-2011-4191 | 119 | | DoS Exec Code Overflow | 2011-11-29 | 2011-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets. |
| 43 | CVE-2011-4189 | 94 | | DoS Exec Code Mem. Corr. | 2012-03-02 | 2012-03-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. |
| 44 | CVE-2011-4188 | 119 | | DoS Overflow | 2012-04-09 | 2012-12-05 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. |
| 45 | CVE-2011-4187 | 119 | | Exec Code Overflow | 2012-02-21 | 2012-02-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173. |
| 46 | CVE-2011-4186 | 119 | | Exec Code Overflow | 2012-02-21 | 2012-02-22 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705. |
| 47 | CVE-2011-4185 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2012-02-21 | 2012-02-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436. |
| 48 | CVE-2011-3827 | 119 | | DoS Overflow | 2012-09-19 | 2013-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment. |
| 49 | CVE-2011-3179 | 200 | | +Info | 2011-12-08 | 2012-03-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command. |
| 50 | CVE-2011-3176 | 119 | 1 | Exec Code Overflow | 2012-04-09 | 2012-09-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request. |