Vulnerabilities > Novell

DATE CVE VULNERABILITY TITLE RISK
2017-08-09 CVE-2015-0782 SQL Injection vulnerability in Novell Zenworks Configuration Management
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
novell CWE-89
critical
9.8
2017-08-09 CVE-2015-0781 Path Traversal vulnerability in Novell Zenworks Configuration Management
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.
network
low complexity
novell CWE-22
critical
9.8
2017-08-09 CVE-2015-0780 SQL Injection vulnerability in Novell Zenworks Configuration Management
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
novell CWE-89
critical
9.8
2017-07-21 CVE-2015-5219 Incorrect Type Conversion or Cast vulnerability in multiple products
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
7.5
2017-07-06 CVE-2017-8932 Incorrect Calculation vulnerability in multiple products
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points.
network
high complexity
golang fedoraproject novell opensuse CWE-682
5.9
2017-06-19 CVE-2017-1000366 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution.
7.8
2017-06-06 CVE-2016-9961 Numeric Errors vulnerability in multiple products
game-music-emu before 0.6.1 mishandles unspecified integer values.
9.8
2017-06-06 CVE-2016-9960 Divide By Zero vulnerability in multiple products
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
5.5
2017-05-03 CVE-2017-7995 Information Exposure vulnerability in multiple products
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure.
local
low complexity
xen novell suse CWE-200
3.8
2017-05-03 CVE-2017-7432 Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
network
low complexity
novell netiq
critical
9.8