VIR Vulnerability Intelligence Relay

Search

Found 62 results in 379ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-1611 high 7.8 8.8 EXP novell 10y ago Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's conten…
CVE-2016-1610 high 7.5 8.5 EXP novell 10y ago Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrict…
CVE-2016-1609 medium 5.4 6.4 EXP novell 10y ago Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTM…
CVE-2016-1608 high 8.8 9.8 EXP novell 10y ago vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer pa…
CVE-2016-1607 high 7.2 8.2 EXP novell 10y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administr…
CVE-2016-4997 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel novell 10y ago The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of …
CVE-2016-1583 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel novell 10y ago The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vecto…
CVE-2016-4486 low 3.3 4.3 EXPFIX slesdebian debianubuntu ubuntu novell 10y ago The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from …
CVE-2016-3140 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-3136 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-2188 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system c…
CVE-2016-3672 high 7.8 8.8 EXPFIX slesdebian debiansuse suse novell 10y ago The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the int…
CVE-2016-3139 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cr…
CVE-2016-3134 high 8.4 9.4 EXPFIX slesdebian debiansuse suse novell 10y ago The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) vi…
CVE-2016-2184 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL poin…
CVE-2016-1596 medium 5.4 6.4 EXP novell 10y ago Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, …
CVE-2016-1595 medium 6.5 7.5 EXP novell 10y ago LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection att…
CVE-2016-1594 medium 6.5 7.5 EXP novell 10y ago Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via …
CVE-2016-1593 high 7.2 8.2 EXP novell 10y ago Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a …
CVE-2015-7566 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 11y ago The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cras…
CVE-2015-0779 critical 10.0 EXP novell 11y ago Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory …
CVE-2010-5324 critical 10.0 EXP novell 11y ago Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary cod…
CVE-2010-5323 critical 10.0 EXP novell 11y ago Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary cod…
CVE-2014-3566 low 3.4 4.4 EXPFIX slesdebian debianfreebsd freebsd novellopensslibm 12y ago The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a pad…
CVE-2013-3956 high 8.2 EXP windows windows novell 13y ago The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows S…
CVE-2013-1080 critical 10.0 EXP novell 13y ago The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to cond…
CVE-2012-6534 medium 5.3 EXP novell 13y ago Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote…
CVE-2013-1081 high 8.5 EXP novell 13y ago Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
CVE-2013-0804 critical 10.0 EXP novell 14y ago The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecif…
CVE-2012-0439 critical 10.0 EXP novell 14y ago An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the Set…
CVE-2012-4959 critical 10.0 EXP novell 14y ago Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of…
CVE-2012-4958 high 8.8 EXP novell 14y ago Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an …
CVE-2012-4957 high 8.8 EXP novell 14y ago Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an…
CVE-2012-4956 critical 10.0 EXP novell 14y ago Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
CVE-2012-4933 high 8.8 EXP novell 14y ago The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (…
CVE-2012-0419 medium 6.0 EXP novell 14y ago Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directo…
CVE-2012-0271 critical 10.0 EXP novell 14y ago Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitr…
CVE-2011-2657 medium 7.8 EXP novell 14y ago Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.…
CVE-2012-2215 medium 6.0 EXP novell 14y ago Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
CVE-2011-3176 critical 10.0 EXP novell 14y ago Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
CVE-2011-3175 critical 10.0 EXP novell 14y ago Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
CVE-2011-4189 high 8.5 EXP novell 15y ago The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail add…
CVE-2011-5028 medium 5.0 EXP novell 15y ago Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users…
CVE-2011-2653 critical 10.0 EXP novell 15y ago Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
CVE-2011-2750 medium 6.0 EXP novell 15y ago NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
CVE-2010-4227 critical 10.0 EXP novell 16y ago The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS R…
CVE-2010-4328 high 8.5 EXP novell 16y ago Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified L…
CVE-2010-4323 high 8.5 EXP novell 16y ago Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a lo…
CVE-2010-4717 medium 7.5 EXP novell 16y ago Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1)…
CVE-2010-4715 medium 6.0 EXP novell 16y ago Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via u…
CVE-2010-4711 critical 10.0 EXP novell 16y ago Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in …
CVE-2010-2777 critical 10.0 EXP novell 16y ago Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute a…
CVE-2010-4321 critical 10.0 EXP novell 16y ago Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method…
CVE-2010-4254 high 8.5 EXP mononovell 16y ago Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possi…
CVE-2010-3106 critical 10.0 EXP novell 16y ago The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cau…
CVE-2010-1527 critical 10.0 EXP novell 16y ago Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.
CVE-2010-1930 medium 6.0 EXP novell 16y ago Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.
CVE-2010-1929 critical 10.0 EXP novell 16y ago Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow r…
CVE-2010-2351 critical 10.0 EXP novell 16y ago Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a …
CVE-2009-4655 high 8.5 EXP novell 17y ago The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
CVE-2009-4654 critical 10.0 EXP novell 17y ago Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a s…
CVE-2009-4653 critical 10.0 EXP novell 17y ago Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrar…