| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2017-9277 | 1 Novell | 1 Edirectory | 2019-10-09 | 5.0 | The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. |
| CVE-2017-9267 | 1 Novell | 1 Edirectory | 2019-10-09 | 5.0 | In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. |
| CVE-2016-9597 | 6 Hp, Xmlsoft, Canonical and 3 more | 7 Icewall Federation Agent, Icewall File Manager, Libxml2 and 4 more | 2019-10-09 | 5.0 | It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a... |
| CVE-2015-2301 | 7 Apple, Php, Canonical and 4 more | 12 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 9 more | 2019-10-09 | 7.5 | Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger... |
| CVE-2014-9709 | 6 Libgd, Php, Novell and 3 more | 6 Php, Libgd, Opensuse and 3 more | 2019-10-09 | 5.0 | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is... |
| CVE-2014-3566 | 11 Openssl, Apple, Redhat and 8 more | 21 Vios, Suse Linux Enterprise Software Development Kit, Aix and 18 more | 2019-10-09 | 4.3 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. |
| CVE-2014-0224 | 5 Openssl, Fedoraproject, Novell and 2 more | 9 Openssl, Enterprise Linux, Fedora and 6 more | 2019-10-09 | 5.8 | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain... |
| CVE-2017-7432 | 2 Netiq, Novell | 2 Imanager, Imanager | 2019-10-03 | 7.5 | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. |
| CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2019-10-03 | 4.3 | Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a... |
| CVE-2017-8386 | 6 Fedoraproject, Canonical, Debian and 3 more | 6 Fedora, Ubuntu Linux, Debian Linux and 3 more | 2019-10-03 | 6.5 | git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to... |
| CVE-2017-8932 | 5 Novell, Golang, Fedoraproject and 2 more | 5 Suse Package Hub For Suse Linux Enterprise, Go, Fedora and 2 more | 2019-10-03 | 4.3 | A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to... |
| CVE-2016-4448 | 11 Apple, Slackware, Oracle and 8 more | 31 Libxml2, Tvos, Suse Linux Enterprise Software Development Kit and 28 more | 2019-09-25 | 10.0 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. |
| CVE-2017-1000366 | 9 Gnu, Redhat, Suse and 6 more | 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more | 2019-09-04 | 7.2 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been... |
| CVE-2014-7829 | 3 Rubyonrails, Novell, Opensuse | 4 Ruby On Rails, Opensuse, Opensuse and 1 more | 2019-08-08 | 5.0 | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is... |
| CVE-2014-7818 | 3 Rubyonrails, Novell, Opensuse | 4 Ruby On Rails, Opensuse, Opensuse and 1 more | 2019-08-08 | 4.3 | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is... |
| CVE-2015-3227 | 3 Rubyonrails, Novell, Opensuse | 4 Ruby On Rails, Opensuse, Opensuse and 1 more | 2019-08-08 | 5.0 | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. |
| CVE-2013-0334 | 4 Bundler, Fedoraproject, Novell and 1 more | 4 Fedora, Bundler, Opensuse and 1 more | 2019-07-16 | 5.0 | Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. |
| CVE-2013-3567 | 4 Puppetlabs, Canonical, Novell and 1 more | 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Puppet and 3 more | 2019-07-10 | 7.5 | Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. |
| CVE-2012-3867 | 7 Suse, Puppetlabs, Debian and 4 more | 9 Ubuntu Linux, Linux Enterprise Desktop, Debian Linux and 6 more | 2019-07-10 | 4.3 | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it... |
| CVE-2014-3637 | 3 D-bus Project, Novell, Opensuse | 3 D-bus, Opensuse, Opensuse | 2019-06-24 | 2.1 | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. |