Vulnerabilities > Novell > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-08 | CVE-2011-2219 | Unspecified vulnerability in Novell Groupwise 8.0 Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218. | 5.0 |
2011-10-08 | CVE-2011-2218 | Unspecified vulnerability in Novell Groupwise 8.0 Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219. | 5.0 |
2011-10-08 | CVE-2011-1696 | Cross-Site Scripting vulnerability in Novell products Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972. | 4.3 |
2011-08-23 | CVE-2011-2652 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file. | 4.3 |
2011-08-23 | CVE-2011-2650 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display. | 4.3 |
2011-08-23 | CVE-2011-2644 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display. | 4.3 |
2011-08-23 | CVE-2011-2226 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing. | 4.3 |
2011-08-09 | CVE-2011-3014 | Permissions, Privileges, and Access Controls vulnerability in Novell Data Synchronizer and Mobility Pack The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. | 5.0 |
2011-08-09 | CVE-2011-3013 | Cryptographic Issues vulnerability in Novell Data Synchronizer and Mobility Pack WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack. | 5.0 |
2011-08-09 | CVE-2011-2224 | Cross-Site Scripting vulnerability in Novell Data Synchronizer and Mobility Pack The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |