Vulnerabilities > Novell

DATE CVE VULNERABILITY TITLE RISK
2017-03-23 CVE-2016-1603 Information Exposure vulnerability in Novell Netiq IDM Servicenow Driver
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
network
low complexity
novell CWE-200
6.5
2017-03-17 CVE-2014-9853 Resource Management Errors vulnerability in multiple products
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
5.5
2017-03-11 CVE-2010-4314 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Novell Iprint
Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter.
network
low complexity
novell CWE-119
8.8
2017-01-30 CVE-2015-7976 7PK - Security Features vulnerability in multiple products
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
network
low complexity
ntp suse novell opensuse CWE-254
4.3
2017-01-23 CVE-2017-5182 Information Exposure vulnerability in Novell Open Enterprise Server 11.0/2.0/2015
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure.
network
low complexity
novell CWE-200
7.5
2016-11-15 CVE-2016-5763 7PK - Security Features vulnerability in Novell products
Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989) might allow authenticated remote attackers to perform unauthorized file access and modification.
network
low complexity
novell CWE-254
critical
9.1
2016-10-27 CVE-2016-1598 Cross-site Scripting vulnerability in Novell products
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
network
low complexity
novell CWE-79
5.4
2016-10-13 CVE-2016-7796 Improper Input Validation vulnerability in multiple products
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
local
low complexity
systemd-project novell redhat CWE-20
5.5
2016-09-26 CVE-2016-7052 NULL Pointer Dereference vulnerability in multiple products
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
network
low complexity
novell openssl nodejs CWE-476
7.5
2016-09-26 CVE-2016-6306 Out-of-bounds Read vulnerability in multiple products
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
network
high complexity
openssl hp novell nodejs debian canonical CWE-125
5.9