Vulnerabilities > Novell

DATE CVE VULNERABILITY TITLE RISK
2016-09-26 CVE-2016-6304 Memory Leak vulnerability in multiple products
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
network
low complexity
openssl nodejs novell CWE-401
7.5
2016-09-26 CVE-2016-4303 Classic Buffer Overflow vulnerability in multiple products
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
network
low complexity
iperf3-project novell opensuse debian CWE-120
critical
9.8
2016-09-20 CVE-2015-8924 Out-of-bounds Read vulnerability in multiple products
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
local
low complexity
libarchive novell canonical CWE-125
5.5
2016-09-20 CVE-2015-8923 Improper Input Validation vulnerability in multiple products
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
network
low complexity
libarchive novell canonical CWE-20
6.5
2016-09-20 CVE-2015-8922 NULL Pointer Dereference vulnerability in multiple products
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
local
low complexity
libarchive novell canonical oracle CWE-476
5.5
2016-09-20 CVE-2015-8921 Out-of-bounds Read vulnerability in multiple products
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
network
low complexity
novell libarchive canonical CWE-125
7.5
2016-09-20 CVE-2015-8920 Out-of-bounds Read vulnerability in multiple products
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
local
low complexity
novell canonical libarchive CWE-125
5.5
2016-09-20 CVE-2015-8919 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
network
low complexity
canonical libarchive novell CWE-119
7.5
2016-09-20 CVE-2015-8918 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
network
low complexity
novell libarchive CWE-119
7.5
2016-08-01 CVE-2016-1611 Permissions, Privileges, and Access Controls vulnerability in Novell Filr 1.2/2.0
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.
local
low complexity
novell CWE-264
7.8