Filtered by vendor Novell
Subscribe
Total
672 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2184 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
CVE-2016-4955 | 6 Novell, Ntp, Opensuse and 3 more | 11 Suse Manager, Ntp, Leap and 8 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. | |||||
CVE-2016-4569 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. | |||||
CVE-2015-2736 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2024-02-04 | 9.3 HIGH | N/A |
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | |||||
CVE-2015-8812 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Real Time Extension | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. | |||||
CVE-2015-2716 | 4 Mozilla, Novell, Opensuse and 1 more | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. | |||||
CVE-2016-4997 | 4 Canonical, Linux, Novell and 1 more | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 7 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. | |||||
CVE-2015-4495 | 5 Canonical, Mozilla, Novell and 2 more | 9 Ubuntu Linux, Firefox, Firefox Esr and 6 more | 2024-02-04 | 4.3 MEDIUM | N/A |
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. | |||||
CVE-2015-4861 | 4 Novell, Opensuse, Oracle and 1 more | 16 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 13 more | 2024-02-04 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | |||||
CVE-2016-2834 | 4 Canonical, Mozilla, Novell and 1 more | 8 Ubuntu Linux, Firefox, Network Security Services and 5 more | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-2185 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
CVE-2016-5829 | 3 Debian, Linux, Novell | 3 Debian Linux, Linux Kernel, Suse Linux Enterprise Real Time Extension | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. | |||||
CVE-2016-1607 | 1 Novell | 1 Filr | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request. | |||||
CVE-2016-2186 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
CVE-2016-3136 | 3 Canonical, Linux, Novell | 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. | |||||
CVE-2010-5323 | 1 Novell | 1 Zenworks Configuration Management | 2024-02-04 | 10.0 HIGH | N/A |
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. | |||||
CVE-2015-2728 | 3 Mozilla, Novell, Oracle | 5 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. | |||||
CVE-2015-4913 | 4 Novell, Opensuse, Oracle and 1 more | 16 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 13 more | 2024-02-04 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. | |||||
CVE-2016-3137 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. | |||||
CVE-2016-1955 | 3 Mozilla, Novell, Opensuse | 4 Firefox, Suse Package Hub For Suse Linux Enterprise, Leap and 1 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. |