CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4007 Exec Code 2016-04-13 2016-04-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."
2 CVE-2016-2799 119 DoS Overflow 2016-03-13 2016-05-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
3 CVE-2016-2794 119 DoS Overflow 2016-03-13 2016-05-12
9.3
None Remote Medium Not required Complete Complete Complete
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
4 CVE-2016-2324 119 Exec Code Overflow 2016-04-08 2016-05-04
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
5 CVE-2016-2315 119 Exec Code Overflow 2016-04-08 2016-04-11
10.0
None Remote Low Not required Complete Complete Complete
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
6 CVE-2016-1962 Exec Code 2016-03-13 2016-05-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
7 CVE-2015-8863 119 DoS Overflow 2016-05-06 2016-05-13
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
8 CVE-2015-7805 119 Overflow 2015-11-17 2015-11-24
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
9 CVE-2015-7552 119 DoS Exec Code Overflow 2016-04-18 2016-04-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
10 CVE-2015-6855 264 DoS 2015-11-06 2015-11-09
10.0
None Remote Low Not required Complete Complete Complete
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
11 CVE-2015-5957 119 Overflow 2015-09-28 2015-09-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.
12 CVE-2015-4493 119 Exec Code Overflow 2015-08-15 2015-10-22
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
13 CVE-2015-4486 119 DoS Exec Code Overflow 2015-08-15 2015-08-26
10.0
None Remote Low Not required Complete Complete Complete
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
14 CVE-2015-4485 119 Exec Code Overflow 2015-08-15 2015-08-26
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
15 CVE-2015-4480 189 Exec Code Overflow 2015-08-15 2015-08-26
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.
16 CVE-2015-4479 189 Exec Code Overflow 2015-08-15 2015-08-27
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.
17 CVE-2015-4477 Exec Code 2015-08-15 2016-05-27
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.
18 CVE-2015-4474 DoS Exec Code Mem. Corr. 2015-08-15 2015-08-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
19 CVE-2015-4473 119 DoS Exec Code Overflow Mem. Corr. 2015-08-15 2015-08-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
20 CVE-2015-2740 119 DoS Overflow 2015-07-05 2015-08-31
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.
21 CVE-2015-2739 119 Overflow 2015-07-05 2015-08-31
10.0
None Remote Low Not required Complete Complete Complete
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.
22 CVE-2015-2736 17 2015-07-05 2015-09-08
9.3
None Remote Medium Not required Complete Complete Complete
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
23 CVE-2015-2735 17 2015-07-05 2015-08-27
9.3
None Remote Medium Not required Complete Complete Complete
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
24 CVE-2015-2733 Exec Code 2015-07-05 2016-04-05
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.
25 CVE-2015-2726 119 DoS Exec Code Overflow Mem. Corr. 2015-07-05 2015-09-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
26 CVE-2015-2725 119 DoS Exec Code Overflow Mem. Corr. 2015-07-05 2015-09-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
27 CVE-2015-2724 119 DoS Exec Code Overflow Mem. Corr. 2015-07-05 2015-09-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
28 CVE-2015-2722 Exec Code 2015-07-05 2015-09-03
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.
29 CVE-2015-0779 22 Exec Code Dir. Trav. 2015-06-07 2015-06-08
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
30 CVE-2015-0492 2015-04-16 2016-03-31
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.
31 CVE-2015-0491 2015-04-16 2015-08-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.
32 CVE-2015-0459 2015-04-16 2016-04-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.
33 CVE-2015-0240 17 Exec Code 2015-02-23 2015-05-11
10.0
None Remote Low Not required Complete Complete Complete
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
34 CVE-2014-9496 119 Overflow 2015-01-16 2015-11-19
10.0
None Remote Low Not required Complete Complete Complete
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
35 CVE-2014-9488 119 Overflow 2015-04-14 2015-04-15
10.0
None Remote Low Not required Complete Complete Complete
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
36 CVE-2014-2978 119 DoS Exec Code Overflow 2014-06-11 2016-04-07
10.0
None Remote Low Not required Complete Complete Complete
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
37 CVE-2014-2977 189 DoS Exec Code Overflow 2014-06-11 2016-04-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
38 CVE-2014-0610 DoS Exec Code 2014-09-04 2014-09-08
10.0
None Remote Low Not required Complete Complete Complete
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
39 CVE-2014-0609 2014-08-17 2014-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors.
40 CVE-2014-0598 22 Dir. Trav. 2014-06-18 2014-06-21
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
41 CVE-2014-0553 Exec Code 2014-09-09 2015-11-10
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors.
42 CVE-2014-0247 2014-07-03 2015-03-17
10.0
None Remote Low Not required Complete Complete Complete
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
43 CVE-2014-0187 264 Bypass 2014-04-28 2015-12-14
9.0
None Remote Low Single system Complete Complete Complete
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
44 CVE-2013-6345 2013-11-02 2013-11-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."
45 CVE-2013-3268 287 2013-04-24 2013-05-03
10.0
None Remote Low Not required Complete Complete Complete
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.
46 CVE-2013-2555 189 Exec Code Overflow 2013-03-11 2014-03-26
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
47 CVE-2013-1379 119 DoS Exec Code Overflow Mem. Corr. 2013-04-09 2015-11-10
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
48 CVE-2013-1091 119 Exec Code Overflow 2013-05-02 2015-10-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute arbitrary code via unspecified vectors.
49 CVE-2013-1085 119 Exec Code Overflow 2013-03-29 2013-03-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter.
50 CVE-2013-1083 2013-03-29 2013-04-02
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors.
Total number of vulnerabilities : 167   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.