Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zenworks_configuration_management
(Novell)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-09 | CVE-2015-0781 | Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | Zenworks_configuration_management | 9.8 | ||
| 2017-08-09 | CVE-2015-0782 | SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | Zenworks_configuration_management | 9.8 | ||
| 2017-08-09 | CVE-2015-0783 | The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | Zenworks_configuration_management | 6.5 | ||
| 2017-08-09 | CVE-2015-0784 | Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | Zenworks_configuration_management | 7.5 | ||
| 2017-08-09 | CVE-2015-0785 | com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | Zenworks_configuration_management | 7.5 | ||
| 2017-08-09 | CVE-2015-0786 | Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. | Zenworks_configuration_management | 9.8 | ||
| 2020-01-25 | CVE-2012-6345 | Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | Zenworks_configuration_management | N/A | ||
| 2020-01-25 | CVE-2012-6344 | Novell ZENworks Configuration Management before 11.2.4 allows XSS. | Zenworks_configuration_management | N/A | ||
| 2013-11-02 | CVE-2013-6347 | Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. | Zenworks_configuration_management | N/A | ||
| 2013-11-02 | CVE-2013-6346 | Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | Zenworks_configuration_management | N/A |