Vulnerabilities > Novell

DATE CVE VULNERABILITY TITLE RISK
2020-02-04 CVE-2020-8118 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
network
low complexity
nextcloud opensuse novell CWE-918
4.0
2020-01-31 CVE-2015-6815 Infinite Loop vulnerability in multiple products
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
2.7
2020-01-25 CVE-2012-6345 User Enumeration Information Disclosure vulnerability in Cyber-Ark Vault
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.
network
low complexity
novell
5.0
2020-01-25 CVE-2012-6344 Cross-site Scripting vulnerability in Novell Zenworks Configuration Management
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
network
novell CWE-79
4.3
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function.
5.0
2019-12-30 CVE-2013-2016 Improper Privilege Management vulnerability in multiple products
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device.
6.9
2019-12-10 CVE-2019-13730 Type Confusion vulnerability in multiple products
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.8
2019-04-19 CVE-2019-11338 NULL Pointer Dereference vulnerability in multiple products
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
network
low complexity
ffmpeg debian novell canonical CWE-476
8.8
2018-03-02 CVE-2017-9277 Unspecified vulnerability in Novell Edirectory
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
network
low complexity
novell
5.0
2018-03-02 CVE-2017-9267 Unspecified vulnerability in Novell Edirectory
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
network
low complexity
novell
5.0