Vulnerabilities > Novell > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2019-13730 Type Confusion vulnerability in multiple products
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2019-07-23 CVE-2019-9811 Injection vulnerability in multiple products
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.
network
high complexity
mozilla debian novell opensuse CWE-74
8.3
2019-04-19 CVE-2019-11338 NULL Pointer Dereference vulnerability in multiple products
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
network
low complexity
ffmpeg debian novell canonical CWE-476
8.8
2018-03-02 CVE-2017-9277 Unspecified vulnerability in Novell Edirectory
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
network
low complexity
novell
7.5
2018-03-02 CVE-2017-9267 Unspecified vulnerability in Novell Edirectory
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
network
low complexity
novell
7.5
2017-10-03 CVE-2017-14496 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
7.5
2017-10-03 CVE-2017-13704 Improper Input Validation vulnerability in multiple products
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value.
7.5
2017-09-08 CVE-2016-5759 Improper Input Validation vulnerability in multiple products
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
local
low complexity
novell opensuse CWE-20
7.8
2017-08-09 CVE-2015-0785 Information Exposure vulnerability in Novell Zenworks Configuration Management
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
network
low complexity
novell CWE-200
7.5
2017-08-09 CVE-2015-0784 Information Exposure vulnerability in Novell Zenworks Configuration Management
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
network
low complexity
novell CWE-200
7.5