Vulnerabilities > Novell > Imanager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-03 | CVE-2017-7430 | Cross-site Scripting vulnerability in multiple products Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | 6.1 |
| 2013-04-24 | CVE-2013-1088 | Cross-Site Request Forgery (CSRF) vulnerability in Novell Imanager Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. | 6.8 |
| 2012-04-09 | CVE-2011-4188 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Imanager Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. | 4.0 |
| 2010-06-28 | CVE-2010-1930 | Numeric Errors vulnerability in Novell Imanager 2.7.0/2.7.3 Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. | 5.0 |
| 2004-11-23 | CVE-2004-0081 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | 5.0 |