Filtered by vendor Novell
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0410 | 6 Canonical, Debian, Novell and 3 more | 9 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 6 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
|
|||||
| CVE-2015-0400 | 4 Canonical, Novell, Opensuse and 1 more | 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
|
|||||
| CVE-2014-0600 | 1 Novell | 1 Groupwise | 2025-04-12 | 7.8 HIGH | N/A |
|
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
|
|||||
| CVE-2015-2567 | 2 Novell, Oracle | 4 Suse Linux, Suse Linux For Vmware, Suse Linux Sdk and 1 more | 2025-04-12 | 3.5 LOW | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
|
|||||
| CVE-2016-1658 | 4 Debian, Google, Novell and 1 more | 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
|
|||||
| CVE-2015-2726 | 3 Mozilla, Novell, Oracle | 5 Firefox, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 2 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
|||||
| CVE-2016-1610 | 1 Novell | 1 Filr | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
|
|||||
| CVE-2015-0403 | 2 Novell, Oracle | 3 Suse Linux Enterprise Desktop, Jdk, Jre | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
|
|||||
| CVE-2016-1629 | 4 Debian, Google, Novell and 1 more | 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
|
|||||
| CVE-2015-2713 | 3 Mozilla, Novell, Opensuse | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
|
|||||
| CVE-2016-1583 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
|
|||||
| CVE-2016-3672 | 3 Canonical, Linux, Novell | 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
|
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
|
|||||
| CVE-2015-8845 | 3 Linux, Novell, Suse | 8 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 5 more | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
|
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
|
|||||
| CVE-2016-1594 | 1 Novell | 1 Service Desk | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.
|
|||||
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.
|
|||||
| CVE-2016-4956 | 6 Novell, Ntp, Opensuse and 3 more | 11 Suse Manager, Ntp, Leap and 8 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
|
|||||
| CVE-2016-2184 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2025-04-12 | 4.9 MEDIUM | 4.6 MEDIUM |
|
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
|
|||||
| CVE-2015-0437 | 2 Novell, Oracle | 3 Suse Linux Enterprise Desktop, Jdk, Jre | 2025-04-12 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
|
|||||
| CVE-2015-2566 | 2 Novell, Oracle | 4 Suse Linux, Suse Linux For Vmware, Suse Linux Sdk and 1 more | 2025-04-12 | 2.8 LOW | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
|
|||||
| CVE-2015-0779 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
|
|||||
| CVE-2014-0610 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2025-04-12 | 10.0 HIGH | N/A |
|
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
|
|||||
| CVE-2016-2834 | 4 Canonical, Mozilla, Novell and 1 more | 8 Ubuntu Linux, Firefox, Network Security Services and 5 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2015-2740 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.
|
|||||
| CVE-2016-4955 | 6 Novell, Ntp, Opensuse and 3 more | 11 Suse Manager, Ntp, Leap and 8 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
|
|||||
| CVE-2015-2709 | 3 Mozilla, Novell, Opensuse | 5 Firefox, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
|||||
| CVE-2016-3140 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2025-04-12 | 4.9 MEDIUM | 4.6 MEDIUM |
|
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
|
|||||
| CVE-2011-4187 | 2 Microsoft, Novell | 2 Windows, Iprint | 2025-04-11 | 10.0 HIGH | N/A |
|
Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173.
|
|||||
| CVE-2011-3173 | 1 Novell | 1 Iprint Open Enterprise Server 2 | 2025-04-11 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code via a long (1) hostname or (2) port field.
|
|||||
| CVE-2011-1699 | 1 Novell | 1 Iprint | 2025-04-11 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.
|
|||||
| CVE-2011-3176 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
|
|||||
| CVE-2012-2215 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
|
|||||
| CVE-2009-4655 | 1 Novell | 1 Edirectory | 2025-04-11 | 7.5 HIGH | N/A |
|
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
|
|||||
| CVE-2013-1087 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
|
|||||
| CVE-2011-2658 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.
|
|||||
| CVE-2009-4879 | 1 Novell | 1 Access Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
|
|||||
| CVE-2010-3264 | 1 Novell | 1 Identity Manager | 2025-04-11 | 2.1 LOW | N/A |
|
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2012-0434 | 1 Novell | 1 Suse Cloud | 2025-04-11 | 10.0 HIGH | N/A |
|
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
|
|||||
| CVE-2011-5028 | 1 Novell | 1 Sentinel Log Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2011-1708 | 1 Novell | 1 Iprint | 2025-04-11 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie.
|
|||||
| CVE-2011-1551 | 1 Novell | 1 Opensuse Factory | 2025-04-11 | 6.9 MEDIUM | N/A |
|
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
|
|||||