Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.
8.1AI Score
0.029EPSS
Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.
8.2AI Score
0.029EPSS
Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.
7.4AI Score
0.001EPSS
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.
5.9AI Score
0.001EPSS
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
6.7AI Score
0.005EPSS
The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.
8AI Score
0.94EPSS
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
7.8AI Score
0.888EPSS
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traver...
7.3AI Score
0.885EPSS
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
7.2AI Score
0.347EPSS
Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.
8.2AI Score
0.882EPSS
Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter.
8.8CVSS
8.8AI Score
0.08EPSS
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
7.9AI Score
0.356EPSS
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
5.4AI Score
0.001EPSS
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.
8.1AI Score
0.954EPSS
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.8AI Score
0.006EPSS
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.
7.8AI Score
0.838EPSS
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this me...
7.9AI Score
0.748EPSS
Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524.
6.7AI Score
0.123EPSS
Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes.
8.1AI Score
0.938EPSS
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.
7.9AI Score
0.045EPSS
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data.
8AI Score
0.502EPSS
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header.
7.8AI Score
0.488EPSS
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, o...
8AI Score
0.161EPSS
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
6.9AI Score
0.014EPSS
Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.8AI Score
0.002EPSS
Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.
8AI Score
0.309EPSS
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST d...
7.6AI Score
0.801EPSS
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunct...
7.7AI Score
0.801EPSS
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to a...
8.1AI Score
0.667EPSS
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.
8.2AI Score
0.728EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.9AI Score
0.001EPSS
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.
7.9AI Score
0.213EPSS
The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.
6.7AI Score
0.001EPSS
Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.
8.1AI Score
0.807EPSS
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
6.6AI Score
0.001EPSS
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or cor...
6.5AI Score
0.04EPSS
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or c...
7AI Score
0.08EPSS
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
7.4AI Score
0.029EPSS
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
7.2AI Score
0.023EPSS
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
5.9AI Score
0.001EPSS
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
8.1AI Score
0.826EPSS
The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
6.6AI Score
0.001EPSS
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
6.8AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the ap...
5.9AI Score
0.002EPSS
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.
8AI Score
0.345EPSS
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url.
8AI Score
0.345EPSS
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.
8AI Score
0.345EPSS
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.
8AI Score
0.259EPSS
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.
8AI Score
0.345EPSS
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.
8AI Score
0.345EPSS