Vulnerabilities (CVE)

Vendor filter

Novell Subscribe


1545 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-9277 1 Novell 1 Edirectory 2019-10-09 5.0
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
CVE-2017-9267 1 Novell 1 Edirectory 2019-10-09 5.0
In Novell eDirectory before the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
CVE-2016-9597 6 Hp, Xmlsoft, Canonical and 3 more 7 Icewall Federation Agent, Icewall File Manager, Libxml2 and 4 more 2019-10-09 5.0
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a...
CVE-2015-2301 7 Apple, Php, Canonical and 4 more 12 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 9 more 2019-10-09 7.5
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger...
CVE-2014-9709 6 Libgd, Php, Novell and 3 more 6 Php, Libgd, Opensuse and 3 more 2019-10-09 5.0
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is...
CVE-2014-3566 11 Openssl, Apple, Redhat and 8 more 21 Vios, Suse Linux Enterprise Software Development Kit, Aix and 18 more 2019-10-09 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2014-0224 5 Openssl, Fedoraproject, Novell and 2 more 9 Openssl, Enterprise Linux, Fedora and 6 more 2019-10-09 5.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain...
CVE-2017-7432 2 Netiq, Novell 2 Imanager, Imanager 2019-10-03 7.5
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before have a webshell upload vulnerability.
CVE-2017-5186 2 Netiq, Novell 4 Edirectory, Imanager, Edirectory and 1 more 2019-10-03 4.3
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 ( use the deprecated MD5 hashing algorithm in a...
CVE-2017-8386 6 Fedoraproject, Canonical, Debian and 3 more 6 Fedora, Ubuntu Linux, Debian Linux and 3 more 2019-10-03 6.5
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to...
CVE-2017-8932 5 Novell, Golang, Fedoraproject and 2 more 5 Suse Package Hub For Suse Linux Enterprise, Go, Fedora and 2 more 2019-10-03 4.3
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to...
CVE-2016-4448 11 Apple, Slackware, Oracle and 8 more 31 Libxml2, Tvos, Suse Linux Enterprise Software Development Kit and 28 more 2019-09-25 10.0
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2017-1000366 9 Gnu, Redhat, Suse and 6 more 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more 2019-09-04 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2014-7829 3 Rubyonrails, Novell, Opensuse 4 Ruby On Rails, Opensuse, Opensuse and 1 more 2019-08-08 5.0
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is...
CVE-2014-7818 3 Rubyonrails, Novell, Opensuse 4 Ruby On Rails, Opensuse, Opensuse and 1 more 2019-08-08 4.3
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is...
CVE-2015-3227 3 Rubyonrails, Novell, Opensuse 4 Ruby On Rails, Opensuse, Opensuse and 1 more 2019-08-08 5.0
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
CVE-2013-0334 4 Bundler, Fedoraproject, Novell and 1 more 4 Fedora, Bundler, Opensuse and 1 more 2019-07-16 5.0
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
CVE-2013-3567 4 Puppetlabs, Canonical, Novell and 1 more 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Puppet and 3 more 2019-07-10 7.5
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
CVE-2012-3867 7 Suse, Puppetlabs, Debian and 4 more 9 Ubuntu Linux, Linux Enterprise Desktop, Debian Linux and 6 more 2019-07-10 4.3
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it...
CVE-2014-3637 3 D-bus Project, Novell, Opensuse 3 D-bus, Opensuse, Opensuse 2019-06-24 2.1
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.