Vulnerabilities (CVE)

Vendor filter: Novell

1545 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2016-1583 | 3 (Linux, Canonical, Novell) | 9 (Ubuntu Linux, Suse Linux Enterprise Live Patching, Suse Linux Enterprise Software Development Kit and 6 more) | 2018-12-06 | 7.2
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc...

CVE-2016-9106 | 2 (Novell, Qemu) | 2 (Leap, Qemu) | 2018-12-01 | 2.1
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.

CVE-2015-7547 | 11 (Sophos, Oracle, Canonical and 8 more) | 31 (Big-ip Policy Enforcement Manager, Linux Enterprise Debuginfo, Helion Openstack and 28 more) | 2018-11-30 | 6.8
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute...

CVE-2016-0718 | 8 (Libexpat, Apple, Canonical and 5 more) | 14 (Linux Enterprise Software Development Kit, Ubuntu Linux, Leap and 11 more) | 2018-11-16 | 7.5
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

CVE-2016-7141 | 3 (Haxx, Novell, Opensuse) | 3 (Leap, Libcurl, Leap) | 2018-11-13 | 5.0
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from...

CVE-2016-5421 | 4 (Debian, Haxx, Novell and 1 more) | 4 (Debian Linux, Leap, Libcurl and 1 more) | 2018-11-13 | 7.5
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

CVE-2016-5420 | 4 (Debian, Haxx, Novell and 1 more) | 4 (Debian Linux, Leap, Libcurl and 1 more) | 2018-11-13 | 5.0
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a...

CVE-2016-5419 | 4 (Debian, Haxx, Novell and 1 more) | 4 (Debian Linux, Leap, Libcurl and 1 more) | 2018-11-13 | 5.0
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

CVE-2008-4480 | 1 (Novell) | 1 (Edirectory) | 2018-11-02 | 10.0
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation...

CVE-2008-4479 | 1 (Novell) | 1 (Edirectory) | 2018-11-02 | 10.0
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.

CVE-2008-0924 | 1 (Novell) | 1 (Edirectory) | 2018-11-01 | 6.8
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU...

CVE-2008-0927 | 2 (Novell, Microsoft) | 2 (Edirectory, Windows-nt) | 2018-10-31 | 5.0
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated...

CVE-2016-4913 | 4 (Linux, Oracle, Novell and 1 more) | 6 (Ubuntu Linux, Suse Linux Enterprise Software Development Kit, Linux Kernel and 3 more) | 2018-10-31 | 7.2
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly...

CVE-2016-2335 | 4 (Debian, Novell, 7-zip and 1 more) | 5 (Debian Linux, 7zip, Opensuse and 2 more) | 2018-10-30 | 6.8
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long...

CVE-2015-7976 | 4 (Suse, Ntp, Novell and 1 more) | 12 (Leap, Linux Enterprise Desktop, Manager and 9 more) | 2018-10-30 | 4.0
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

CVE-2015-5300 | 9 (Fedoraproject, Redhat, Canonical and 6 more) | 22 (Fedora, Enterprise Linux Hpc Node Eus, Enterprise Linux Server and 19 more) | 2018-10-30 | 5.0
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g...

CVE-2014-2977 | 4 (Suse, Directfb, Novell and 1 more) | 8 (Linux Enterprise Software Development Kit, Directfb, Linux Enterprise Desktop and 5 more) | 2018-10-30 | 10.0
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo...

CVE-2015-8778 | 7 (Canonical, Suse, Debian and 4 more) | 11 (Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 8 more) | 2018-10-30 | 7.5
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which...

CVE-2014-2978 | 4 (Suse, Directfb, Novell and 1 more) | 8 (Linux Enterprise Software Development Kit, Directfb, Linux Enterprise Desktop and 5 more) | 2018-10-30 | 10.0
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an...

CVE-2014-9761 | 6 (Gnu, Suse, Fedoraproject and 3 more) | 10 (Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 7 more) | 2018-10-30 | 7.5
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan,...