Vulnerabilities > Novell > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-06-18 CVE-2014-0599 Cross-Site Scripting vulnerability in Novell Open Enterprise Server 11.0
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Access: network | Vendor: novell | CWE-79 | Risk: 4.3
2014-03-06 CVE-2013-3706 Path Traversal vulnerability in Novell Zenworks Configuration Management 11.2
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a ..
Access: network | Complexity: low | Vendor: novell | CWE-22 | Risk: 5.0
2013-12-28 CVE-2013-1096 Cross-Site Scripting vulnerability in Novell Identity Manager Roles Based Provisioning Module 4.0.2
Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId.
Access: network | Vendor: novell | CWE-79 | Risk: 4.3
2013-12-22 CVE-2013-3705 Improper Input Validation vulnerability in Novell Client 2.0
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.
Access: local | Complexity: low | Vendor: novell | CWE-20 | Risk: 4.9
2013-12-10 CVE-2013-7042 Permissions, Privileges, and Access Controls vulnerability in Novell Suse Lifecycle Management Server
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.
Access: local | Complexity: low | Vendor: novell | CWE-264 | Risk: 4.6
2013-12-10 CVE-2013-3710 Cryptographic Issues vulnerability in Novell Suse Lifecycle Management Server
SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.
Access: network | Vendor: novell | CWE-310 | Risk: 4.3
2013-12-02 CVE-2012-0414 Cross-Site Scripting vulnerability in Novell Suse Manager 1.2
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
Access: network | Vendor: novell | CWE-79 | Risk: 4.3
2013-12-01 CVE-2013-3707 Improper Input Validation vulnerability in Novell Open Enterprise Server 11.0
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
Access: network | Vendor: novell | CWE-20 | Risk: 4.3
2013-12-01 CVE-2013-3708 Unspecified vulnerability in Novell Iprint
The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors.
Access: network | Complexity: low | Vendor: novell | Risk: 5.0
2013-11-05 CVE-2013-4419 Permissions, Privileges, and Access Controls vulnerability in multiple products
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
Complexity: high | Vendors: libguestfs, suse, novell | CWE-264 | Risk: 6.8