Filtered by vendor Novell
Subscribe
Total
673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9168 | 1 Novell | 1 Edirectory | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. | |||||
| CVE-2015-0784 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | |||||
| CVE-2017-14492 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. | |||||
| CVE-2016-1603 | 1 Novell | 1 Netiq Idm Servicenow Driver | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | |||||
| CVE-2016-5759 | 2 Novell, Opensuse | 3 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Leap | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | |||||
| CVE-2016-5747 | 1 Novell | 1 Edirectory | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | |||||
| CVE-2016-9167 | 1 Novell | 1 Edirectory | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | |||||
| CVE-2016-9960 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | |||||
| CVE-2016-5762 | 1 Novell | 1 Groupwise | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-9961 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| game-music-emu before 0.6.1 mishandles unspecified integer values. | |||||
| CVE-2015-0782 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-13704 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | |||||
| CVE-2015-7976 | 4 Novell, Ntp, Opensuse and 1 more | 10 Suse Openstack Cloud, Ntp, Leap and 7 more | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. | |||||
| CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | |||||
| CVE-2010-4314 | 2 Microsoft, Novell | 4 Windows 7, Windows Vista, Windows Xp and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. | |||||
| CVE-2017-1000366 | 8 Debian, Gnu, Mcafee and 5 more | 20 Debian Linux, Glibc, Web Gateway and 17 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | |||||
| CVE-2017-7430 | 2 Netiq, Novell | 2 Imanager, Imanager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | |||||
| CVE-2016-5760 | 1 Novell | 1 Groupwise | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. | |||||
| CVE-2016-1957 | 4 Mozilla, Novell, Opensuse and 1 more | 6 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 3 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. | |||||
| CVE-2014-7970 | 3 Canonical, Linux, Novell | 3 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Server | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. | |||||