Vulnerabilities > Novell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-10 | CVE-2013-1379 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
| 2013-04-07 | CVE-2013-2770 | Improper Input Validation vulnerability in Novell Kanaka 2.7/2.7.1 The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate. | 5.8 |
| 2013-03-29 | CVE-2013-1085 | Buffer Errors vulnerability in Novell Groupwise Messenger and Messenger Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. | 9.3 |
| 2013-03-29 | CVE-2013-1083 | Unspecified vulnerability in Novell Identity Manager Roles Based Provisioning Module 4.0.2 Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors. | 10.0 |
| 2013-03-29 | CVE-2013-1082 | Path Traversal vulnerability in Novell Zenworks Mobile Management 2.6.1 Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. | 7.5 |
| 2013-03-29 | CVE-2013-1080 | Improper Authentication vulnerability in Novell Zenworks Configuration Management 10.3/11.2 The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | 10.0 |
| 2013-03-29 | CVE-2013-1079 | Path Traversal vulnerability in Novell Zenworks Configuration Management Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. | 6.8 |
| 2013-03-29 | CVE-2012-6534 | Permissions, Privileges, and Access Controls vulnerability in Novell Sentinel LOG Manager Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action. | 4.3 |
| 2013-03-20 | CVE-2012-5938 | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | 7.2 |
| 2013-03-11 | CVE-2013-1081 | Path Traversal vulnerability in Novell Zenworks Mobile Management 2.6.1/2.7.0 Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. | 7.5 |