Aggregates CVE and security vulnerability intelligence across all Novell-related products, including CVSS scores, EPSS percentages, and publication dates.
Disclosed issues often relate to cross-site scripting, input validation, and memory corruption; exposure may include file overwrite in production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-12084 | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. | [email protected] | 9.8 | 3.66% | 2025-01-15 | 2025-11-03 |
| CVE-2024-12088 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | [email protected] | 6.5 | 2.47% | 2025-01-14 | 2026-04-14 |
| CVE-2020-8118 | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | [email protected] | 5.0 | 1.32% | 2020-02-04 | 2024-11-21 |
| CVE-2015-6815 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | [email protected] | 3.5 | 1.57% | 2020-01-31 | 2024-11-21 |
| CVE-2012-6345 | Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | [email protected] | 7.5 | 0.69% | 2020-01-25 | 2024-11-21 |
| CVE-2012-6344 | Novell ZENworks Configuration Management before 11.2.4 allows XSS. | [email protected] | 6.1 | 0.31% | 2020-01-25 | 2024-11-21 |
| CVE-2013-4357 | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. | [email protected] | 7.5 | 1.16% | 2019-12-31 | 2024-11-21 |
| CVE-2013-2016 | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | [email protected] | 7.8 | 0.08% | 2019-12-30 | 2024-11-21 |
| CVE-2019-13730 | Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | [email protected] | 8.8 | 2.57% | 2019-12-10 | 2024-11-21 |
| CVE-2019-9811 | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | [email protected] | 8.3 | 0.55% | 2019-07-23 | 2024-11-21 |
| CVE-2019-11717 | A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | [email protected] | 5.3 | 3.19% | 2019-07-23 | 2025-11-25 |
| CVE-2019-11338 | libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | [email protected] | 8.8 | 1.94% | 2019-04-19 | 2024-11-21 |
| CVE-2017-9277 | The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | [email protected] | 4.2 | 0.38% | 2018-03-02 | 2024-11-21 |
| CVE-2017-9267 | In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | [email protected] | 6.5 | 0.71% | 2018-03-02 | 2024-11-21 |
| CVE-2017-14496 | Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | [email protected] | 7.5 | 16.42% | 2017-10-03 | 2026-05-13 |
| CVE-2017-14494 | dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | [email protected] | 5.9 | 8.30% | 2017-10-03 | 2026-05-13 |
| CVE-2017-13704 | In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash. | [email protected] | 7.5 | 77.79% | 2017-10-03 | 2026-05-13 |
| CVE-2016-5759 | The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | [email protected] | 7.8 | 0.03% | 2017-09-08 | 2026-05-13 |
| CVE-2015-0786 | Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. | [email protected] | 9.8 | 29.68% | 2017-08-09 | 2026-05-13 |
| CVE-2015-0785 | com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | [email protected] | 7.5 | 2.18% | 2017-08-09 | 2026-05-13 |