Vulnerabilities > Novell
|2020-02-04||CVE-2020-8118|| Server-Side Request Forgery (SSRF) vulnerability in multiple products |
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
| 4.0 |
|2020-01-31||CVE-2015-6815|| Infinite Loop vulnerability in multiple products |
The process_tx_desc function in hw/net/e1000.c in QEMU before 22.214.171.124 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
| 2.7 |
|2020-01-25||CVE-2012-6345|| User Enumeration Information Disclosure vulnerability in Cyber-Ark Vault |
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.
| 5.0 |
|2020-01-25||CVE-2012-6344|| Cross-site Scripting vulnerability in Novell Zenworks Configuration Management |
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
| 4.3 |
|2019-12-31||CVE-2013-4357|| Classic Buffer Overflow vulnerability in multiple products |
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function.
| 5.0 |
|2019-12-30||CVE-2013-2016|| Improper Privilege Management vulnerability in multiple products |
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device.
| 6.9 |
|2019-12-10||CVE-2019-13730|| Type Confusion vulnerability in multiple products |
| 6.8 |
|2019-07-23||CVE-2019-9811|| Injection vulnerability in multiple products |
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.
| 8.3 |
|2019-07-23||CVE-2019-11717|| Improper Encoding or Escaping of Output vulnerability in multiple products |
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.
| 5.3 |
|2019-04-19||CVE-2019-11338|| NULL Pointer Dereference vulnerability in multiple products |
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
| 8.8 |