Vendor: Novell
Novell, Inc. was an American software and services company headquartered in Provo, Utah, that existed from 1980 until 2014. Its most significant product was the multi-platform network operating system known as NetWare. Novell technology contributed to the emergence of local area networks, which displaced the dominant mainframe computing model and changed computing worldwide.
- Founded: 1979
- Products: 105
- CVEs: 612
- Across products: 3,494
- Status: Private
Products (105)
- 812 CVEs
- 474 CVEs
- 399 CVEs
- 220 CVEs
- 159 CVEs
- 143 CVEs
- 142 CVEs
- 123 CVEs
- 93 CVEs
- 86 CVEs
- 78 CVEs
- 58 CVEs
- 45 CVEs
- 41 CVEs
- 37 CVEs
- 34 CVEs
- 30 CVEs
- 28 CVEs
- 27 CVEs
- 27 CVEs
- 26 CVEs
- 22 CVEs
- 22 CVEs
- 22 CVEs
- 21 CVEs
- 20 CVEs
- 17 CVEs
- 13 CVEs
- 12 CVEs
- 12 CVEs
- + 75 more — see CVE list below for full coverage.
Recent CVEs (612)

| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-3043 | Cri | 0.86 | 9.8 | 0.87 | KEV | Apr 14, 2015 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. |
| CVE-2014-7169 | Cri | 0.86 | 9.8 | 0.89 | KEV | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. |
| CVE-2014-6271 | Cri | 0.86 | 9.8 | 0.94 | KEV | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. |
| CVE-2015-0786 | Cri | 0.66 | 9.8 | 0.30 | | Aug 9, 2017 | Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2008-5038 | Cri | 0.65 | 9.8 | 0.20 | | Nov 12, 2008 | Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. |
| CVE-2015-0782 | Cri | 0.64 | 9.8 | 0.04 | | Aug 9, 2017 | SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-0781 | Cri | 0.64 | 9.8 | 0.06 | | Aug 9, 2017 | Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. |
| CVE-2015-0780 | Cri | 0.64 | 9.8 | 0.04 | | Aug 9, 2017 | SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-9961 | Cri | 0.64 | 9.8 | 0.03 | | Jun 6, 2017 | game-music-emu before 0.6.1 mishandles unspecified integer values. |
| CVE-2017-7432 | Cri | 0.64 | 9.8 | 0.01 | | May 3, 2017 | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. |
| CVE-2015-8812 | Cri | 0.64 | 9.8 | 0.04 | | Apr 27, 2016 | drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. |
| CVE-2016-1629 | Cri | 0.64 | 9.8 | 0.03 | | Feb 21, 2016 | Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. |
| CVE-2002-2119 | Cri | 0.64 | 9.8 | 0.01 | | Dec 31, 2002 | Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. |
| CVE-2016-1608 | Hig | 0.61 | 8.8 | 0.11 | | Aug 1, 2016 | vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. |
| CVE-2016-3134 | Hig | 0.58 | 8.4 | 0.00 | | Apr 27, 2016 | The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. |
| CVE-2017-7431 | Hig | 0.57 | 8.8 | 0.00 | | May 3, 2017 | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. |
| CVE-2010-4314 | Hig | 0.57 | 8.8 | 0.03 | | Mar 11, 2017 | Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. |
| CVE-2016-2834 | Hig | 0.57 | 8.8 | 0.00 | | Jun 13, 2016 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. |
| CVE-2016-1593 | Hig | 0.57 | 7.2 | 0.85 | | Apr 22, 2016 | Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL. |
| CVE-2016-1954 | Hig | 0.57 | 8.8 | 0.03 | | Mar 13, 2016 | The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. |