Vulnerabilities > Novell

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-12-30 | CVE-2010-4321 | Buffer Errors vulnerability in Novell Iprint Client 5.52: Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method. [network, novell, CWE-119] | critical 9.3 |
| 2010-12-06 | CVE-2010-4254 | Improper Input Validation vulnerability in multiple products: Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. [network, low complexity, mono, novell, CWE-20] | 7.5 |
| 2010-11-22 | CVE-2010-4299 | Buffer Errors vulnerability in Novell Zenworks Handheld Management 7: Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400. [network, novell, CWE-119] | critical 9.3 |
| 2010-10-12 | CVE-2010-3110 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products: Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. [local, low complexity, novell, opensuse, CWE-119] | 7.2 |
| 2010-09-08 | CVE-2010-3264 | Credentials Management vulnerability in Novell Identity Manager 3.6.1: The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. [local, low complexity, novell, CWE-255] | 2.1 |
| 2010-09-03 | CVE-2010-1507 | Credentials Management vulnerability in Novell Suse Linux 11: WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. [network, low complexity, novell, CWE-255] | 5.0 |
| 2010-09-03 | CVE-2010-1325 | Cross-Site Request Forgery (CSRF) vulnerability in Novell Suse Lifecycle Management Server 1.0: Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. [network, novell, CWE-352] | 4.3 |
| 2010-08-23 | CVE-2010-3109 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint: Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter. [network, novell, CWE-119] | critical 9.3 |
| 2010-08-23 | CVE-2010-3108 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint: Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names. [network, novell, CWE-119] | critical 9.3 |
| 2010-08-23 | CVE-2010-3107 | Permissions, Privileges, and Access Controls vulnerability in Novell Iprint: A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module. [network, novell, CWE-264] | 7.1 |