Total
35 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | |||||
CVE-2015-0786 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-0785 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | |||||
CVE-2015-0784 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | |||||
CVE-2015-0783 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | |||||
CVE-2015-0782 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
CVE-2015-0780 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-0779 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 10.0 HIGH | N/A |
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. | |||||
CVE-2014-7169 | 17 Apple, Arista, Canonical and 14 more | 85 Mac Os X, Eos, Ubuntu Linux and 82 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | |||||
CVE-2014-6271 | 17 Apple, Arista, Canonical and 14 more | 85 Mac Os X, Eos, Ubuntu Linux and 82 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | |||||
CVE-2013-6347 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2013-6346 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2013-6345 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception." | |||||
CVE-2013-6344 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 4.3 MEDIUM | N/A |
The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors. | |||||
CVE-2013-3706 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595. | |||||
CVE-2013-1097 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. | |||||
CVE-2013-1095 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. | |||||
CVE-2013-1094 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. | |||||
CVE-2013-1093 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. |