Novell: Security Vulnerabilities
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.062
Published
2013-04-10
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.
CVSS Score
5.8
EPSS Score
0.006
Published
2013-04-07
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
CVSS Score
10.0
EPSS Score
0.77
Published
2013-03-29
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
CVSS Score
7.5
EPSS Score
0.128
Published
2013-03-29
Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.014
Published
2013-03-29
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter.
CVSS Score
9.3
EPSS Score
0.056
Published
2013-03-29
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
CVSS Score
6.8
EPSS Score
0.023
Published
2013-03-29
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.
CVSS Score
4.3
EPSS Score
0.045
Published
2013-03-29
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.
CVSS Score
7.2
EPSS Score
0.004
Published
2013-03-20
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
CVSS Score
7.5
EPSS Score
0.681
Published
2013-03-11