VYPR

Vendor CVEs

Novell

All CVEs

755 total · sorted by risk
  • CVE-2019-18900Jan 24, 2020
    risk 0.00cvss epss 0.00

    : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform…

  • CVE-2019-3683Jan 17, 2020
    risk 0.00cvss epss 0.01

    The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify,…

  • CVE-2019-3685Nov 5, 2019
    risk 0.00cvss epss 0.01

    Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary

  • CVE-2019-6454Mar 17, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a…

  • CVE-2018-17949Dec 12, 2018
    risk 0.00cvss epss 0.01

    Cross site scripting vulnerability in iManager prior to 3.1 SP2.

  • CVE-2015-7833Oct 19, 2015
    risk 0.00cvss epss 0.01

    The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.

  • CVE-2014-0611Jul 22, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-2743Jul 6, 2015
    risk 0.00cvss epss 0.05

    PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

  • CVE-2015-2740Jul 6, 2015
    risk 0.00cvss epss 0.06

    Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via…

  • CVE-2015-2739Jul 6, 2015
    risk 0.00cvss epss 0.03

    The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

  • CVE-2015-2736Jul 6, 2015
    risk 0.00cvss epss 0.04

    The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

  • CVE-2015-2735Jul 6, 2015
    risk 0.00cvss epss 0.04

    nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

  • CVE-2015-2733Jul 6, 2015
    risk 0.00cvss epss 0.06

    Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a…

  • CVE-2015-2730Jul 6, 2015
    risk 0.00cvss epss 0.04

    Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote…

  • CVE-2015-2728Jul 6, 2015
    risk 0.00cvss epss 0.04

    The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a…

  • CVE-2015-2726Jul 6, 2015
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2015-2725Jul 6, 2015
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code…

  • CVE-2015-2724Jul 6, 2015
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2015-2722Jul 6, 2015
    risk 0.00cvss epss 0.06

    Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a…

  • CVE-2015-2721Jul 6, 2015
    risk 0.00cvss epss 0.03

    Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows…

  • CVE-2015-2713May 14, 2015
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing…

  • CVE-2015-2710May 14, 2015
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets…

  • CVE-2015-2709May 14, 2015
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2015-2708May 14, 2015
    risk 0.00cvss epss 0.05

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code…

  • CVE-2015-2567Apr 16, 2015
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

  • CVE-2015-2566Apr 16, 2015
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2015-0458Apr 16, 2015
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

  • CVE-2015-0439Apr 16, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.

  • CVE-2015-0438Apr 16, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

  • CVE-2015-0423Apr 16, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

  • CVE-2015-0405Apr 16, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.

  • CVE-2015-0437Jan 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

  • CVE-2015-0421Jan 21, 2015
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process.

  • CVE-2015-0412Jan 21, 2015
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.

  • CVE-2015-0410Jan 21, 2015
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.

  • CVE-2015-0406Jan 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.

  • CVE-2015-0403Jan 21, 2015
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

  • CVE-2015-0400Jan 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

  • CVE-2015-0395Jan 21, 2015
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

  • CVE-2015-0383Jan 21, 2015
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.

  • CVE-2014-5217Dec 23, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via…

  • CVE-2014-5215Dec 23, 2014
    risk 0.00cvss epss 0.02

    NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.

  • CVE-2014-5213Dec 19, 2014
    risk 0.00cvss epss 0.02

    nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.

  • CVE-2014-5212Dec 19, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.

  • CVE-2014-3696Oct 29, 2014
    risk 0.00cvss epss 0.03

    nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

  • CVE-2012-6657Sep 28, 2014
    risk 0.00cvss epss 0.01

    The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

  • CVE-2014-0610Sep 5, 2014
    risk 0.00cvss epss 0.05

    The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

  • CVE-2014-0600Aug 29, 2014
    risk 0.00cvss epss 0.03

    FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

  • CVE-2014-0609Aug 17, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors.

  • CVE-2014-4509Jun 21, 2014
    risk 0.00cvss epss 0.00

    The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.

Page 8 of 16