CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-2192 189 DoS Overflow 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
2 CVE-2015-2191 189 DoS Overflow 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
3 CVE-2015-2190 19 DoS 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.
4 CVE-2015-2189 189 DoS 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
5 CVE-2015-2188 19 DoS 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
6 CVE-2015-2187 20 DoS Mem. Corr. 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.
7 CVE-2015-1419 Bypass 2015-01-28 2015-01-28
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
8 CVE-2015-1382 20 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
9 CVE-2015-1381 399 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
10 CVE-2015-1380 20 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
11 CVE-2015-0295 189 DoS 2015-03-25 2015-03-27
5.0
None Remote Low Not required None None Partial
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
12 CVE-2014-9640 119 DoS Overflow 2015-01-23 2015-03-23
5.0
None Remote Low Not required None None Partial
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
13 CVE-2014-8640 362 DoS 2015-01-14 2015-03-17
5.0
None Remote Low Not required None None Partial
The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.
14 CVE-2014-8080 DoS 2014-11-03 2015-03-11
5.0
None Remote Low Not required None None Partial
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
15 CVE-2014-3619 399 DoS 2015-03-27 2015-03-27
5.0
None Remote Low Not required None None Partial
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
16 CVE-2014-2386 189 DoS Overflow 2014-03-25 2014-03-25
5.0
None Remote Low Not required None None Partial
Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.
17 CVE-2014-0133 119 Exec Code Overflow 2014-03-28 2014-03-31
5.1
None Remote High Not required Partial Partial Partial
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.
18 CVE-2014-0128 20 DoS 2014-04-14 2014-04-15
5.0
None Remote Low Not required None None Partial
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
19 CVE-2013-7423 17 2015-02-24 2015-02-24
5.0
None Remote Low Not required None Partial None
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of request that trigger a call to the getaddrinfo function.
20 CVE-2013-4487 189 DoS Mem. Corr. 2013-11-20 2013-11-20
5.0
None Remote Low Not required None None Partial
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
21 CVE-2013-4132 310 DoS 2013-09-16 2013-09-17
5.0
None Remote Low Not required None None Partial
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
22 CVE-2013-4124 189 DoS Overflow 2013-08-05 2015-03-06
5.0
None Remote Low Not required None None Partial
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
23 CVE-2013-4123 20 DoS 2013-09-16 2013-09-17
5.0
None Remote Low Not required None None Partial
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
24 CVE-2013-4111 20 2013-08-28 2013-10-30
5.8
None Remote Medium Not required Partial Partial None
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
25 CVE-2013-4082 119 DoS Overflow 2013-06-09 2014-09-23
5.0
None Remote Low Not required None None Partial
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet.
26 CVE-2013-3708 DoS 2013-11-30 2014-02-27
5.0
None Remote Low Not required None None Partial
The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors.
27 CVE-2013-3706 22 Dir. Trav. 2014-03-06 2014-03-07
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595.
28 CVE-2013-2770 20 2013-04-07 2013-04-09
5.8
None Remote Medium Not required Partial Partial None
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.
29 CVE-2013-1968 DoS 2013-07-31 2014-03-16
5.5
None Remote Low Single system None Partial Partial
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
30 CVE-2013-1926 +Info 2013-04-29 2013-08-22
5.8
None Remote Medium Not required Partial Partial None
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
31 CVE-2013-1093 20 2013-06-17 2013-11-06
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.
32 CVE-2013-1084 22 Dir. Trav. 2013-11-02 2013-11-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/.
33 CVE-2013-0888 119 DoS Overflow 2013-02-23 2013-11-02
5.0
None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."
34 CVE-2012-6139 DoS 2013-04-12 2014-02-06
5.0
None Remote Low Not required None None Partial
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
35 CVE-2012-2328 310 DoS 2014-02-10 2014-02-10
5.0
None Remote Low Not required None None Partial
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.
36 CVE-2012-2215 22 Dir. Trav. 2012-04-09 2012-11-06
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
37 CVE-2012-0419 22 Dir. Trav. 2012-09-28 2013-04-04
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
38 CVE-2012-0410 22 Dir. Trav. 2012-07-05 2013-04-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.
39 CVE-2011-3179 200 +Info 2011-12-08 2012-03-05
5.0
None Remote Low Not required Partial None None
The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command.
40 CVE-2011-3014 264 +Info 2011-08-09 2011-09-06
5.0
None Remote Low Not required Partial None None
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
41 CVE-2011-3013 310 2011-08-09 2011-09-06
5.0
None Remote Low Not required Partial None None
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack.
42 CVE-2011-2750 399 2011-07-17 2011-09-21
5.0
None Remote Low Not required None None Partial
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
43 CVE-2011-2223 310 +Info 2011-08-09 2015-03-17
5.0
None Remote Low Not required Partial None None
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
44 CVE-2011-2221 264 Bypass +Info 2011-08-09 2015-03-17
5.0
None Remote Low Not required Partial None None
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
45 CVE-2011-2219 DoS 2011-10-07 2012-05-14
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218.
46 CVE-2011-2218 DoS 2011-10-07 2012-05-14
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219.
47 CVE-2011-1711 2011-06-08 2011-09-06
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors.
48 CVE-2011-0992 399 DoS +Info 2011-04-13 2011-04-14
5.8
None Remote Medium Not required Partial None Partial
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
49 CVE-2011-0990 362 DoS Overflow 2011-04-13 2011-04-15
5.8
None Remote Medium Not required None Partial Partial
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
50 CVE-2011-0989 264 DoS 2011-04-13 2011-04-15
5.8
None Remote Medium Not required None Partial Partial
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
Total number of vulnerabilities : 147   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.