Vulnerabilities > Novell

DATE CVE VULNERABILITY TITLE RISK
2020-02-04 CVE-2020-8118 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
network
low complexity
nextcloud novell opensuse CWE-918
5.0
2020-01-31 CVE-2015-6815 Infinite Loop vulnerability in multiple products
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
3.5
2020-01-25 CVE-2012-6345 Unspecified vulnerability in Novell Zenworks Configuration Management
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.
network
low complexity
novell
7.5
2020-01-25 CVE-2012-6344 Cross-site Scripting vulnerability in Novell Zenworks Configuration Management
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
network
low complexity
novell CWE-79
6.1
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function.
7.5
2019-12-30 CVE-2013-2016 Improper Privilege Management vulnerability in multiple products
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device.
local
low complexity
qemu debian novell CWE-269
7.8
2019-12-10 CVE-2019-13730 Type Confusion vulnerability in multiple products
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2019-07-23 CVE-2019-9811 Injection vulnerability in multiple products
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.
network
high complexity
mozilla debian novell opensuse CWE-74
8.3
2019-07-23 CVE-2019-11717 Improper Encoding or Escaping of Output vulnerability in multiple products
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.
network
low complexity
mozilla debian novell opensuse CWE-116
5.3
2019-04-19 CVE-2019-11338 NULL Pointer Dereference vulnerability in multiple products
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
network
low complexity
ffmpeg debian novell canonical CWE-476
8.8