Filtered by vendor Novell
Subscribe
Total
672 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0296 | 1 Novell | 2 Groupwise, Groupwise Webaccess | 2024-04-11 | 5.0 MEDIUM | N/A |
** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue. | |||||
CVE-2009-0115 | 8 Avaya, Christophe.varoqui, Debian and 5 more | 11 Intuity Audix Lx, Message Networking, Messaging Storage Server and 8 more | 2024-02-16 | 7.2 HIGH | 7.8 HIGH |
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. | |||||
CVE-2009-3547 | 7 Canonical, Fedoraproject, Linux and 4 more | 9 Ubuntu Linux, Fedora, Linux Kernel and 6 more | 2024-02-15 | 6.9 MEDIUM | 7.0 HIGH |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | |||||
CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2024-02-15 | 5.0 MEDIUM | N/A |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | |||||
CVE-2003-0637 | 1 Novell | 1 Ichain | 2024-02-15 | 5.0 MEDIUM | N/A |
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing. | |||||
CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2024-02-08 | 7.2 HIGH | N/A |
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. | |||||
CVE-2002-2119 | 1 Novell | 1 Edirectory | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | |||||
CVE-2021-25252 | 7 Apple, Emc, Linux and 4 more | 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | |||||
CVE-2013-4357 | 5 Canonical, Debian, Eglibc and 2 more | 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. | |||||
CVE-2019-13730 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-02-04 | 4.0 MEDIUM | 5.0 MEDIUM |
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | |||||
CVE-2012-6345 | 1 Novell | 1 Zenworks Configuration Management | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | |||||
CVE-2015-6815 | 7 Arista, Canonical, Fedoraproject and 4 more | 11 Eos, Ubuntu Linux, Fedora and 8 more | 2024-02-04 | 2.7 LOW | 3.5 LOW |
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | |||||
CVE-2012-6344 | 1 Novell | 1 Zenworks Configuration Management | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Novell ZENworks Configuration Management before 11.2.4 allows XSS. | |||||
CVE-2013-2016 | 3 Debian, Novell, Qemu | 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | |||||
CVE-2019-9811 | 4 Debian, Mozilla, Novell and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-02-04 | 5.1 MEDIUM | 8.3 HIGH |
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
CVE-2019-11338 | 4 Canonical, Debian, Ffmpeg and 1 more | 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | |||||
CVE-2019-11717 | 4 Debian, Mozilla, Novell and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
CVE-2017-9267 | 1 Novell | 1 Edirectory | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | |||||
CVE-2017-9277 | 1 Novell | 1 Edirectory | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. |