Filtered by vendor Novell
Subscribe
Total
670 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0296 | 1 Novell | 2 Groupwise, Groupwise Webaccess | 2024-04-11 | 5.0 MEDIUM | N/A |
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue | |||||
CVE-2009-0115 | 8 Avaya, Christophe.varoqui, Debian and 5 more | 11 Intuity Audix Lx, Message Networking, Messaging Storage Server and 8 more | 2024-02-16 | 7.2 HIGH | 7.8 HIGH |
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. | |||||
CVE-2009-3547 | 8 Canonical, Fedoraproject, Linux and 5 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2024-02-15 | 6.9 MEDIUM | 7.0 HIGH |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | |||||
CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2024-02-15 | 5.0 MEDIUM | N/A |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | |||||
CVE-2003-0637 | 1 Novell | 1 Ichain | 2024-02-15 | 5.0 MEDIUM | N/A |
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing. | |||||
CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2024-02-08 | 7.2 HIGH | N/A |
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. | |||||
CVE-2002-2119 | 1 Novell | 1 Edirectory | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | |||||
CVE-2008-5021 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-02-02 | 9.3 HIGH | N/A |
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. | |||||
CVE-2008-5038 | 1 Novell | 1 Edirectory | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. | |||||
CVE-2007-1285 | 5 Canonical, Novell, Php and 2 more | 7 Ubuntu Linux, Suse Linux, Php and 4 more | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | |||||
CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
CVE-2021-25252 | 7 Apple, Emc, Linux and 4 more | 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | |||||
CVE-2015-6815 | 7 Arista, Canonical, Fedoraproject and 4 more | 11 Eos, Ubuntu Linux, Fedora and 8 more | 2023-12-10 | 2.7 LOW | 3.5 LOW |
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | |||||
CVE-2019-13730 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2023-12-10 | 4.0 MEDIUM | 5.0 MEDIUM |
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | |||||
CVE-2013-4357 | 5 Canonical, Debian, Eglibc and 2 more | 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. | |||||
CVE-2013-2016 | 3 Debian, Novell, Qemu | 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | |||||
CVE-2012-6345 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | |||||
CVE-2012-6344 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Novell ZENworks Configuration Management before 11.2.4 allows XSS. | |||||
CVE-2019-11338 | 4 Canonical, Debian, Ffmpeg and 1 more | 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. |