Zenworks Configuration Management
by Novell
CVEs (42)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-7169 | Cri | 0.87 | 9.8 | 1.00 | KEV | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by… | |
| CVE-2014-6271 | Cri | 0.87 | 9.8 | 1.00 | KEV | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,… | |
| CVE-2016-7552 | Cri | 0.74 | 9.8 | 0.93 | Apr 12, 2017 | On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. | ||
| CVE-2017-14706 | Cri | 0.69 | 9.8 | 0.28 | Sep 22, 2017 | DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12,… | ||
| CVE-2015-0786 | Cri | 0.66 | 9.8 | 0.24 | Aug 9, 2017 | Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2015-0782 | Cri | 0.64 | 9.8 | 0.07 | Aug 9, 2017 | SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2015-0781 | Cri | 0.64 | 9.8 | 0.04 | Aug 9, 2017 | Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | ||
| CVE-2015-0780 | Cri | 0.64 | 9.8 | 0.08 | Aug 9, 2017 | SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2017-17692 | Hig | 0.58 | 7.5 | 0.79 | Dec 21, 2017 | Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. | ||
| CVE-2015-0785 | Hig | 0.49 | 7.5 | 0.07 | Aug 9, 2017 | com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | ||
| CVE-2015-0784 | Hig | 0.49 | 7.5 | 0.07 | Aug 9, 2017 | Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | ||
| CVE-2023-6400 | Hig | 0.48 | 7.4 | 0.00 | Mar 27, 2024 | Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4. | ||
| CVE-2015-0783 | Med | 0.43 | 6.5 | 0.05 | Aug 9, 2017 | The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | ||
| CVE-2015-5970 | Med | 0.35 | 5.3 | 0.01 | Feb 18, 2016 | The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | ||
| CVE-2010-5324 | 0.09 | — | 0.72 | Jun 7, 2015 | Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type… | |||
| CVE-2013-1080 | 0.09 | — | 0.77 | Mar 29, 2013 | The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary… | |||
| CVE-2011-3176 | 0.09 | — | 0.70 | Apr 9, 2012 | Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request. | |||
| CVE-2012-1493 | 0.08 | — | 0.63 | Jul 9, 2012 | F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers'… | |||
| CVE-2011-3175 | 0.08 | — | 0.66 | Apr 9, 2012 | Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request. | |||
| CVE-2011-2657 | 0.07 | — | 0.48 | Jul 26, 2012 | Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a… |
- risk 0.87cvss 9.8epss 1.00
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…
- risk 0.87cvss 9.8epss 1.00
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…
- risk 0.74cvss 9.8epss 0.93
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
- risk 0.69cvss 9.8epss 0.28
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12,…
- risk 0.66cvss 9.8epss 0.24
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.64cvss 9.8epss 0.07
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.04
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.
- risk 0.64cvss 9.8epss 0.08
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.58cvss 7.5epss 0.79
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.
- risk 0.49cvss 7.5epss 0.07
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
- risk 0.49cvss 7.5epss 0.07
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
- risk 0.48cvss 7.4epss 0.00
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.
- risk 0.43cvss 6.5epss 0.05
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
- risk 0.35cvss 5.3epss 0.01
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.
- CVE-2010-5324Jun 7, 2015risk 0.09cvss —epss 0.72
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type…
- CVE-2013-1080Mar 29, 2013risk 0.09cvss —epss 0.77
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary…
- CVE-2011-3176Apr 9, 2012risk 0.09cvss —epss 0.70
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
- CVE-2012-1493Jul 9, 2012risk 0.08cvss —epss 0.63
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers'…
- CVE-2011-3175Apr 9, 2012risk 0.08cvss —epss 0.66
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
- CVE-2011-2657Jul 26, 2012risk 0.07cvss —epss 0.48
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a…
Page 1 of 3