Vendor CVEs

Novell

All CVEs

755 total · sorted by risk
  • CVE-2006-0736 · Feb 27, 2006
    risk 0.01 · cvss · epss 0.07

    Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2004-0081 · Nov 23, 2004
    risk 0.01 · cvss · epss 0.07

    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • CVE-2004-0112 · Nov 23, 2004
    risk 0.01 · cvss · epss 0.10

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…

  • CVE-2003-0460 · Aug 27, 2003
    risk 0.01 · cvss · epss 0.13

    The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.

  • CVE-2002-1437 · Apr 11, 2003
    risk 0.01 · cvss · epss 0.17

    Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

  • CVE-2002-1417 · Apr 11, 2003
    risk 0.01 · cvss · epss 0.17

    Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the…

  • CVE-2002-1592 · May 6, 2002
    risk 0.01 · cvss · epss 0.12

    The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.

  • CVE-2026-3266 · Mar 3, 2026
    risk 0.00 · cvss · epss 0.00

    Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2.

  • CVE-2020-11859 · Nov 6, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3.

  • CVE-2024-4187 · Jul 31, 2024
    risk 0.00 · cvss · epss 0.00

    Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.

  • CVE-2024-34012 · Jun 14, 2024
    risk 0.00 · cvss · epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.

  • CVE-2020-11843 · Jun 11, 2024
    risk 0.00 · cvss · epss 0.00

    This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before.

  • CVE-2024-4429 · May 28, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure.

  • CVE-2024-3969 · May 28, 2024
    risk 0.00 · cvss · epss 0.01

    XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload.

  • CVE-2024-3488 · May 15, 2024
    risk 0.00 · cvss · epss 0.00

    File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication.

  • CVE-2024-3487 · May 15, 2024
    risk 0.00 · cvss · epss 0.00

    Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.

  • CVE-2024-3486 · May 15, 2024
    risk 0.00 · cvss · epss 0.00

    XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.

  • CVE-2024-3485 · May 15, 2024
    risk 0.00 · cvss · epss 0.00

    Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure.

  • CVE-2024-3484 · May 15, 2024
    risk 0.00 · cvss · epss 0.01

    Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.

  • CVE-2024-3483 · May 15, 2024
    risk 0.00 · cvss · epss 0.01

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.

  • CVE-2024-3967 · May 15, 2024
    risk 0.00 · cvss · epss 0.01

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization.

  • CVE-2024-3968 · May 15, 2024
    risk 0.00 · cvss · epss 0.01

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.

  • CVE-2024-3970 · May 15, 2024
    risk 0.00 · cvss · epss 0.01

    Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure by directory traversal.

  • CVE-2023-38709 · Apr 4, 2024
    risk 0.00 · cvss · epss 0.04

    Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

  • CVE-2023-49961 · Jan 8, 2024
    risk 0.00 · cvss · epss 0.00

    WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.

  • CVE-2023-0421 · May 8, 2023
    risk 0.00 · cvss · epss 0.01

    The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.

  • CVE-2023-2291 · Apr 26, 2023
    risk 0.00 · cvss · epss 0.01

    Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their…

  • CVE-2023-23592 · Feb 9, 2023
    risk 0.00 · cvss · epss 0.01

    WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.

  • CVE-2022-38758 · Jan 25, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows an attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager versions prior to 3.2.6 on ALL.

  • CVE-2022-38755 · Nov 21, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus…

  • CVE-2022-41707 · Oct 19, 2022
    risk 0.00 · cvss · epss 0.01

    Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public.

  • CVE-2022-41708 · Oct 19, 2022
    risk 0.00 · cvss · epss 0.01

    Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly.

  • CVE-2022-1777 · Jun 13, 2022
    risk 0.00 · cvss · epss 0.01

    The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow…

  • CVE-2022-29525 · Jun 13, 2022
    risk 0.00 · cvss · epss 0.01

    Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.

  • CVE-2022-26834 · Jun 13, 2022
    risk 0.00 · cvss · epss 0.01

    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.

  • CVE-2022-21949 · May 3, 2022
    risk 0.00 · cvss · epss 0.02

    An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges…

  • CVE-2021-22521 · Jul 30, 2021
    risk 0.00 · cvss · epss 0.00

    A privilege escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.

  • CVE-2021-33501 · Jul 19, 2021
    risk 0.00 · cvss · epss 0.08

    Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.

  • CVE-2020-8031 · Feb 11, 2021
    risk 0.00 · cvss · epss 0.01

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build…

  • CVE-2020-25838 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.

  • CVE-2020-25832 · Nov 17, 2020
    risk 0.00 · cvss · epss 0.01

    Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.

  • CVE-2020-8028 · Sep 17, 2020
    risk 0.00 · cvss · epss 0.00

    An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to…

  • CVE-2020-8021 · May 19, 2020
    risk 0.00 · cvss · epss 0.01

    An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled. This issue affects: Open Build Service versions prior to 2.10.5.

  • CVE-2020-8020 · May 13, 2020
    risk 0.00 · cvss · epss 0.01

    An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

  • CVE-2020-8018 · May 4, 2020
    risk 0.00 · cvss · epss 0.00

    An Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user. This issue affects:…

  • CVE-2020-2745 · Apr 15, 2020
    risk 0.00 · cvss · epss 0.01

    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-2747 · Apr 15, 2020
    risk 0.00 · cvss · epss 0.01

    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2017-14806 · Jan 27, 2020
    risk 0.00 · cvss · epss 0.00

    An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite…

  • CVE-2012-6345 · Jan 25, 2020
    risk 0.00 · cvss · epss 0.01

    Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.

  • CVE-2012-6344 · Jan 25, 2020
    risk 0.00 · cvss · epss 0.01

    Novell ZENworks Configuration Management before 11.2.4 allows XSS.

Page 7 of 16