Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Total 675 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-2655 1 Novell 1 Zenworks Handheld Management 2026-06-16 9.3 HIGH N/A
Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656.
CVE-2011-2654 1 Novell 1 Cloud Manager 2026-06-16 9.3 HIGH N/A
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.
CVE-2011-2653 1 Novell 1 Zenworks Asset Management 2026-06-16 10.0 HIGH N/A
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
CVE-2011-2652 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file.
CVE-2011-2651 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename.
CVE-2011-2650 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display.
CVE-2011-2649 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 7.5 HIGH N/A
Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.
CVE-2011-2648 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a filter in a modified file.
CVE-2011-2647 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files.
CVE-2011-2646 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files.
CVE-2011-2645 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM.
CVE-2011-2644 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
CVE-2011-2227 1 Novell 2 Identity Manager Roles Based Provisioning Module, Identity Manager User Application 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603.
CVE-2011-2226 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.
CVE-2011-2225 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2026-06-16 9.3 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to have an unknown impact via a crafted directory pathname that is inserted into config.sh.
CVE-2011-2224 1 Novell 2 Data Synchronizer, Mobility Pack 2026-06-16 4.3 MEDIUM N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2011-2223 1 Novell 2 Data Synchronizer, Mobility Pack 2026-06-16 5.0 MEDIUM N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2011-2222 1 Novell 2 Data Synchronizer, Mobility Pack 2026-06-16 4.3 MEDIUM N/A
Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2011-2221 1 Novell 2 Data Synchronizer, Mobility Pack 2026-06-16 5.0 MEDIUM N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
CVE-2011-2220 1 Novell 2 File Reporter, File Reporter Engine 2026-06-16 10.0 HIGH N/A
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.