Vulnerabilities > Novell > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2017-5182 | Information Exposure vulnerability in Novell Open Enterprise Server 11.0/2.0/2015 Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. | 7.5 |
| 2016-09-26 | CVE-2016-7052 | NULL Pointer Dereference vulnerability in multiple products crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | 7.5 |
| 2016-09-26 | CVE-2016-6304 | Memory Leak vulnerability in multiple products Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | 7.5 |
| 2016-09-20 | CVE-2015-8921 | Out-of-bounds Read vulnerability in multiple products The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | 7.5 |
| 2016-09-20 | CVE-2015-8919 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. | 7.5 |
| 2016-09-20 | CVE-2015-8918 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." | 7.5 |
| 2016-08-01 | CVE-2016-1611 | Permissions, Privileges, and Access Controls vulnerability in Novell Filr 1.2/2.0 Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands. | 7.8 |
| 2016-08-01 | CVE-2016-1610 | Path Traversal vulnerability in Novell Filr 1.2/2.0 Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. | 7.5 |
| 2016-08-01 | CVE-2016-1608 | Improper Access Control vulnerability in Novell Filr 1.2/2.0 vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. | 8.8 |
| 2016-08-01 | CVE-2016-1607 | Cross-Site Request Forgery (CSRF) vulnerability in Novell Filr 1.2/2.0 Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request. | 7.2 |