Total
22 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0599 | 1 Novell | 1 Open Enterprise Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-0598 | 1 Novell | 1 Open Enterprise Server | 2024-11-21 | 10.0 HIGH | N/A |
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. | |||||
CVE-2014-0595 | 1 Novell | 1 Open Enterprise Server | 2024-11-21 | 2.6 LOW | N/A |
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. | |||||
CVE-2013-3707 | 1 Novell | 1 Open Enterprise Server | 2024-11-21 | 4.3 MEDIUM | N/A |
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009. | |||||
CVE-2013-2770 | 1 Novell | 2 Kanaka, Open Enterprise Server | 2024-11-21 | 5.8 MEDIUM | N/A |
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate. | |||||
CVE-2011-4194 | 2 Linux, Novell | 2 Linux Kernel, Open Enterprise Server | 2024-11-21 | 7.5 HIGH | N/A |
Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field. | |||||
CVE-2009-0611 | 1 Novell | 1 Open Enterprise Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter. | |||||
CVE-2009-0115 | 8 Avaya, Christophe.varoqui, Debian and 5 more | 11 Intuity Audix Lx, Message Networking, Messaging Storage Server and 8 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. | |||||
CVE-2008-5021 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-11-21 | 9.3 HIGH | N/A |
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. | |||||
CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2024-11-21 | 7.2 HIGH | N/A |
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. | |||||
CVE-2006-0999 | 1 Novell | 2 Netware, Open Enterprise Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session. | |||||
CVE-2006-0998 | 1 Novell | 2 Netware, Open Enterprise Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. | |||||
CVE-2006-0997 | 1 Novell | 2 Netware, Open Enterprise Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. | |||||
CVE-2006-0736 | 1 Novell | 2 Linux Desktop, Open Enterprise Server | 2024-11-21 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2005-3655 | 1 Novell | 1 Open Enterprise Server | 2024-11-21 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | |||||
CVE-2005-1767 | 2 Novell, Suse | 3 Linux Desktop, Open Enterprise Server, Suse Linux | 2024-11-20 | 2.1 LOW | N/A |
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception). | |||||
CVE-2005-1761 | 2 Novell, Suse | 3 Linux Desktop, Open Enterprise Server, Suse Linux | 2024-11-20 | 2.1 LOW | N/A |
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. | |||||
CVE-2014-7169 | 17 Apple, Arista, Canonical and 14 more | 85 Mac Os X, Eos, Ubuntu Linux and 82 more | 2024-07-24 | 10.0 HIGH | 9.8 CRITICAL |
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | |||||
CVE-2014-6271 | 17 Apple, Arista, Canonical and 14 more | 85 Mac Os X, Eos, Ubuntu Linux and 82 more | 2024-07-24 | 10.0 HIGH | 9.8 CRITICAL |
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | |||||
CVE-2013-2016 | 3 Debian, Novell, Qemu | 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. |