Filtered by vendor Novell
Subscribe
Total
671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13730 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-02-28 | 4.0 MEDIUM | 5.0 MEDIUM |
| An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | |||||
| CVE-2019-11338 | 4 Canonical, Debian, Ffmpeg and 1 more | 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | |||||
| CVE-2019-11717 | 4 Debian, Mozilla, Novell and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-9811 | 4 Debian, Mozilla, Novell and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-02-28 | 5.1 MEDIUM | 8.3 HIGH |
| As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2017-9267 | 1 Novell | 1 Edirectory | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | |||||
| CVE-2017-9277 | 1 Novell | 1 Edirectory | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | |||||
| CVE-2016-9961 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| game-music-emu before 0.6.1 mishandles unspecified integer values. | |||||
| CVE-2016-9960 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | |||||
| CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
| CVE-2016-5759 | 2 Novell, Opensuse | 3 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Leap | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | |||||
| CVE-2017-14495 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. | |||||
| CVE-2017-14496 | 6 Canonical, Debian, Google and 3 more | 8 Ubuntu Linux, Debian Linux, Android and 5 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | |||||
| CVE-2017-1000366 | 8 Debian, Gnu, Mcafee and 5 more | 20 Debian Linux, Glibc, Web Gateway and 17 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | |||||
| CVE-2015-0782 | 1 Novell | 1 Zenworks Configuration Management | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | |||||
| CVE-2015-0783 | 1 Novell | 1 Zenworks Configuration Management | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | |||||
| CVE-2017-13704 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | |||||
| CVE-2017-14494 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | |||||
| CVE-2015-0780 | 1 Novell | 1 Zenworks Configuration Management | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||