Vulnerabilities > Novell

DATE CVE VULNERABILITY TITLE RISK
2016-08-01 CVE-2016-1610 Path Traversal vulnerability in Novell Filr 1.2/2.0
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a ..
network
low complexity
novell CWE-22
7.5
2016-08-01 CVE-2016-1609 Cross-site Scripting vulnerability in Novell Filr 1.2/2.0
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
network
low complexity
novell CWE-79
5.4
2016-08-01 CVE-2016-1608 Improper Access Control vulnerability in Novell Filr 1.2/2.0
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.
network
low complexity
novell CWE-284
8.8
2016-08-01 CVE-2016-1607 Cross-Site Request Forgery (CSRF) vulnerability in Novell Filr 1.2/2.0
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
network
low complexity
novell CWE-352
7.2
2016-07-05 CVE-2016-4957 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.
network
low complexity
ntp oracle novell suse opensuse CWE-476
7.5
2016-07-05 CVE-2016-4956 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.
network
low complexity
ntp oracle novell suse opensuse siemens
5.3
2016-07-05 CVE-2016-4955 Race Condition vulnerability in multiple products
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
network
high complexity
ntp oracle novell suse opensuse siemens CWE-362
5.9
2016-07-03 CVE-2016-4997 Permissions, Privileges, and Access Controls vulnerability in multiple products
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
local
low complexity
linux canonical novell oracle debian CWE-264
7.8
2016-07-03 CVE-2016-1704 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google canonical redhat novell opensuse
8.8
2016-06-27 CVE-2016-5829 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
local
low complexity
debian linux novell canonical CWE-119
7.8