Vulnerabilities > Novell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2020-8118 | Server-Side Request Forgery (SSRF) vulnerability in multiple products An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | 4.0 |
| 2020-01-31 | CVE-2015-6815 | Infinite Loop vulnerability in multiple products The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | 2.7 |
| 2020-01-25 | CVE-2012-6345 | User Enumeration Information Disclosure vulnerability in Cyber-Ark Vault Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | 5.0 |
| 2020-01-25 | CVE-2012-6344 | Cross-site Scripting vulnerability in Novell Zenworks Configuration Management Novell ZENworks Configuration Management before 11.2.4 allows XSS. | 4.3 |
| 2019-12-31 | CVE-2013-4357 | Classic Buffer Overflow vulnerability in multiple products The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. | 5.0 |
| 2019-12-30 | CVE-2013-2016 | Improper Privilege Management vulnerability in multiple products A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. | 6.9 |
| 2019-12-10 | CVE-2019-13730 | Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.8 |
| 2019-04-19 | CVE-2019-11338 | NULL Pointer Dereference vulnerability in multiple products libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | 8.8 |
| 2018-03-02 | CVE-2017-9277 | Unspecified vulnerability in Novell Edirectory The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | 5.0 |
| 2018-03-02 | CVE-2017-9267 | Unspecified vulnerability in Novell Edirectory In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | 5.0 |