Novell Zenworks Configuration Management — known CVE vulnerabilities
Every CVE whose affected-product data names Novell Zenworks Configuration Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2015-0779 — CVSS 10.0 (critical): Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote…
CVE-2010-5323 — CVSS 10.0 (critical): Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10…
CVE-2010-5324 — CVSS 10.0 (critical): Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10…
CVE-2011-3175 — CVSS 10.0 (critical): Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers…
CVE-2011-3176 — CVSS 10.0 (critical): Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers…
CVE-2010-4229 — CVSS 10.0 (critical): Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell…
CVE-2013-1080 — CVSS 10.0 (critical): The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for…
CVE-2013-6345 — CVSS 10.0 (critical): Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack…
CVE-2015-0781 — CVSS 9.8 (critical): Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote…
CVE-2015-0782 — CVSS 9.8 (critical): SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows…
CVE-2015-0786 — CVSS 9.8 (critical): Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM)…
CVE-2015-0780 — CVSS 9.8 (critical): SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM)…
CVE-2015-0785 — CVSS 7.5 (high): com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read…
CVE-2015-0784 — CVSS 7.5 (high): Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value…
CVE-2013-6347 — CVSS 6.8 (medium): Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web…
CVE-2013-1079 — CVSS 6.8 (medium): Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell…
CVE-2011-2658 — CVSS 6.8 (medium): The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to…
CVE-2011-3174 — CVSS 6.8 (medium): Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell…
CVE-2013-6346 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows…
CVE-2011-2657 — CVSS 6.8 (medium): Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in…
CVE-2015-0783 — CVSS 6.5 (medium): The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the…
CVE-2013-1093 — CVSS 5.8 (medium): Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management…
CVE-2015-5970 — CVSS 5.3 (medium): The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath…
CVE-2013-1084 — CVSS 5.0 (medium): Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3…
CVE-2013-3706 — CVSS 5.0 (medium): Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to…
CVE-2012-2215 — CVSS 5.0 (medium): Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote…
CVE-2013-6344 — CVSS 4.3 (medium): The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via…
CVE-2012-2223 — CVSS 4.3 (medium): The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method…
CVE-2013-1094 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before…
CVE-2013-1097 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a…
CVE-2013-1095 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a…