Search Results (676 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1080 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
CVE-2003-1593 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.
CVE-2013-3710 1 Novell 1 Suse Lifecycle Management Server 2025-04-11 N/A
SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.
CVE-2010-4715 1 Novell 1 Groupwise 2025-04-11 N/A
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2021-25252 7 Apple, Emc, Linux and 4 more 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more 2024-11-21 5.5 Medium
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2020-8118 3 Nextcloud, Novell, Opensuse 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle 2024-11-21 5.0 Medium
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
CVE-2019-9811 5 Debian, Mozilla, Novell and 2 more 7 Debian Linux, Firefox, Firefox Esr and 4 more 2024-11-21 8.3 High
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVE-2019-13730 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-11-21 8.8 High
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-11338 4 Canonical, Debian, Ffmpeg and 1 more 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more 2024-11-21 8.8 High
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
CVE-2017-9277 1 Novell 1 Edirectory 2024-11-21 N/A
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
CVE-2017-9267 1 Novell 1 Edirectory 2024-11-21 N/A
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
CVE-2015-6815 7 Arista, Canonical, Fedoraproject and 4 more 11 Eos, Ubuntu Linux, Fedora and 8 more 2024-11-21 3.5 Low
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2013-4357 5 Canonical, Debian, Eglibc and 2 more 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more 2024-11-21 7.5 High
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
CVE-2013-2016 3 Debian, Novell, Qemu 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more 2024-11-21 7.8 High
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
CVE-2012-6345 1 Novell 1 Zenworks Configuration Management 2024-11-21 7.5 High
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.
CVE-2012-6344 1 Novell 1 Zenworks Configuration Management 2024-11-21 6.1 Medium
Novell ZENworks Configuration Management before 11.2.4 allows XSS.