Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Total 675 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0611 1 Novell 1 Groupwise 2026-06-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0610 2 Microsoft, Novell 2 Windows, Groupwise 2026-06-17 10.0 HIGH N/A
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
CVE-2014-0609 1 Novell 1 Open Enterprise Server 2026-06-17 10.0 HIGH N/A
Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors.
CVE-2014-0600 1 Novell 1 Groupwise 2026-06-17 7.8 HIGH N/A
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
CVE-2014-0599 1 Novell 1 Open Enterprise Server 2026-06-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0598 1 Novell 1 Open Enterprise Server 2026-06-17 10.0 HIGH N/A
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
CVE-2014-0595 1 Novell 1 Open Enterprise Server 2026-06-17 2.6 LOW N/A
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.
CVE-2014-0592 2 Crowbar, Novell 2 Barclamp, Suse Cloud 2026-06-17 7.5 HIGH N/A
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.
CVE-2013-7042 1 Novell 1 Suse Lifecycle Management Server 2026-06-17 4.6 MEDIUM N/A
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.
CVE-2013-6347 1 Novell 1 Zenworks Configuration Management 2026-06-17 6.8 MEDIUM N/A
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2013-6346 1 Novell 1 Zenworks Configuration Management 2026-06-17 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-6345 1 Novell 1 Zenworks Configuration Management 2026-06-17 10.0 HIGH N/A
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."
CVE-2013-6344 1 Novell 1 Zenworks Configuration Management 2026-06-17 4.3 MEDIUM N/A
The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors.
CVE-2013-4854 10 Fedoraproject, Freebsd, Hp and 7 more 12 Fedora, Freebsd, Hp-ux and 9 more 2026-06-16 7.8 HIGH N/A
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
CVE-2013-4589 3 Fedoraproject, Graphicsmagick, Novell 5 Fedora, Graphicsmagick, Suse Linux Enterprise Debuginfo and 2 more 2026-06-16 4.3 MEDIUM N/A
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
CVE-2013-4419 3 Libguestfs, Novell, Suse 3 Libguestfs, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit 2026-06-16 6.8 MEDIUM N/A
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
CVE-2013-4357 5 Canonical, Debian, Eglibc and 2 more 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more 2026-06-16 5.0 MEDIUM 7.5 HIGH
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
CVE-2013-3956 2 Microsoft, Novell 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more 2026-06-16 7.2 HIGH N/A
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
CVE-2013-3710 1 Novell 1 Suse Lifecycle Management Server 2026-06-16 4.3 MEDIUM N/A
SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.
CVE-2013-3709 2 Novell, Suse 3 Suse Lifecycle Management Server, Studio Onsite, Webyast 2026-06-16 7.2 HIGH N/A
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.