Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Total 671 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1952 4 Mozilla, Novell, Opensuse and 1 more 6 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 3 more 2024-10-22 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-1953 3 Mozilla, Novell, Opensuse 5 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 2 more 2024-10-22 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
CVE-2005-0296 1 Novell 2 Groupwise, Groupwise Webaccess 2024-08-07 5.0 MEDIUM N/A
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
CVE-2014-7169 17 Apple, Arista, Canonical and 14 more 85 Mac Os X, Eos, Ubuntu Linux and 82 more 2024-07-24 10.0 HIGH 9.8 CRITICAL
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVE-2014-6271 17 Apple, Arista, Canonical and 14 more 85 Mac Os X, Eos, Ubuntu Linux and 82 more 2024-07-24 10.0 HIGH 9.8 CRITICAL
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVE-2015-3043 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2024-07-16 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
CVE-2021-25252 7 Apple, Emc, Linux and 4 more 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2015-6815 7 Arista, Canonical, Fedoraproject and 4 more 11 Eos, Ubuntu Linux, Fedora and 8 more 2024-02-28 2.7 LOW 3.5 LOW
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2013-4357 5 Canonical, Debian, Eglibc and 2 more 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
CVE-2012-6345 1 Novell 1 Zenworks Configuration Management 2024-02-28 5.0 MEDIUM 7.5 HIGH
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.
CVE-2012-6344 1 Novell 1 Zenworks Configuration Management 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
CVE-2013-2016 3 Debian, Novell, Qemu 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more 2024-02-28 6.9 MEDIUM 7.8 HIGH
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
CVE-2019-13730 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-8118 3 Nextcloud, Novell, Opensuse 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle 2024-02-28 4.0 MEDIUM 5.0 MEDIUM
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
CVE-2019-11338 4 Canonical, Debian, Ffmpeg and 1 more 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
CVE-2019-11717 4 Debian, Mozilla, Novell and 1 more 6 Debian Linux, Firefox, Firefox Esr and 3 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVE-2019-9811 4 Debian, Mozilla, Novell and 1 more 6 Debian Linux, Firefox, Firefox Esr and 3 more 2024-02-28 5.1 MEDIUM 8.3 HIGH
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVE-2017-9267 1 Novell 1 Edirectory 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
CVE-2017-9277 1 Novell 1 Edirectory 2024-02-28 5.0 MEDIUM 7.5 HIGH
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
CVE-2016-9961 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
game-music-emu before 0.6.1 mishandles unspecified integer values.