Vulnerabilities > Novell > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-08 | CVE-2016-5759 | Improper Input Validation vulnerability in multiple products. The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | 7.8 |
2017-08-09 | CVE-2015-0785 | Information Exposure vulnerability in Novell ZENworks Configuration Management. com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | 7.5 |
2017-08-09 | CVE-2015-0784 | Information Exposure vulnerability in Novell ZENworks Configuration Management. Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | 7.5 |
2017-07-21 | CVE-2015-5219 | Incorrect Type Conversion or Cast vulnerability in multiple products. The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | 7.5 |
2017-06-19 | CVE-2017-1000366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. | 7.8 |
2017-05-03 | CVE-2017-7431 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | 8.8 |
2017-04-27 | CVE-2017-5186 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products. Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | 7.5 |
2017-03-23 | CVE-2016-9167 | Permissions, Privileges, and Access Controls vulnerability in Novell eDirectory. NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | 7.5 |
2017-03-23 | CVE-2016-5747 | Improper Access Control vulnerability in Novell eDirectory. A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | 7.5 |
2017-03-11 | CVE-2010-4314 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Novell iPrint. Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. | 8.8 |