20 matches found
CVE-2014-6271
CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...
CVE-2014-7169
CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...
CVE-2011-4194
Novell iPrint Server (Novell Open Enterprise Server 2, SP3 on Linux) is affected by CVE-2011-4194. The vulnerability is a buffer overflow in the mod_ipp apache module during handling of the attributes-natural-language attribute, which can cause copying of unvalidated data into a fixed-length stac...
CVE-2013-2016
CVE-2013-2016 affects qemu v1.3.0 and later (virtio-rng). The issue arises from how addresses are validated when a guest accesses the config space of a virtio device; when the device has a very small or zero-sized config space, a privileged guest could access the host’s qemu address space and pot...
CVE-2008-5021
The CVE-2008-5021 vulnerability affects Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13. It is caused by modifying properties of a file input element while it is still initializing, followed by using blur to access un...
CVE-2005-1767
CVE-2005-1767 affects Linux kernels 2.4.x and 2.6.x; the vulnerability exists in traps.c stack fault handler, allowing a local user to cause a kernel crash (Denial of Service) via stack exceptions. Public advisories (Debian, Red Hat/CentOS, Ubuntu) indicate updated kernel packages mitigate the is...
CVE-2009-0115
CVE-2009-0115 affects the device-mapper-multipath tool (multipath-tools) version 0.4.8 used in multiple Linux distributions (SUSE openSUSE, SLES, Fedora, etc.). The underlying issue is world-writable permissions on the socket file /var/run/multipathd.sock, which allows a local user to send arbitr...
CVE-2005-1761
CVE-2005-1761 affects the Linux kernel 2.6 and 2.4 on IA-64. The issue allows local users to crash the kernel (denial of service) via the ptrace mechanism and the restore_sigcontext function. The vulnerability is a local privilege/impact scenario with a kernel crash, as indicated by the CVE mappi...
CVE-2014-0595
CVE-2014-0595 affects /opt/novell/ncl/bin/nwrights in Novell Client for Linux used with Novell Open Enterprise Server 11 Linux SP2. The flaw stems from improper management of an internal array, enabling local users to obtain S-level (Supervisor) rights in opportunistic circumstances when an admin...
CVE-2006-0997
The CVE-2006-0997 affects the SSL server in NILE.NLM (Novell NetWare 6.5 and Open Enterprise Server). It allows encryption with a NULL key, causing cleartext SSL sessions that can be read by sniffing network traffic. Connected docs confirm the affected component and root cause; no remediation or ...
CVE-2006-0736
CVE-2006-0736 is a stack-based buffer overflow in the pam_micasa PAM authentication module of CASA, affecting Novell Linux Desktop 9 and Open Enterprise Server 1. The vulnerability allows remote code execution and could grant root access, via remote vectors. The SUSE advisory SUSE-SA:2006:010 con...
CVE-2005-3655
CVE-2005-3655 describes a heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) for SUSE Linux Enterprise Server 9. The vulnerability arises from improper handling of HTTP POST requests with a negative Content-Length, allowing an unauthenticated attacker to injec...
CVE-2006-0998
The CVE-2006-0998 issue affects Novell NetWare 6.5 and Novell Open Enterprise Server (OES) where the SSL server implementation in NILE.NLM can select a weak cipher instead of an available stronger cipher. This weak cipher choice enables remote attackers to sniff and potentially decrypt SSL sessio...
CVE-2006-0999
CVE-2006-0999 affects the SSL server in Novell NetWare 6.5 and Novell Open Enterprise Server (OES), where NILE.NLM can be coerced to use a weak cipher for compatibility. This could allow an attacker to decrypt content of SSL sessions by forcing weaker encryption. The description does not specify ...
CVE-2017-5182
Open Enterprise Server (OES) Remote Manager on Linux is affected by a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files via a specially crafted URL. The issue impacts multiple OES lines (e.g., OES2015 SP1 before 11080, OES2015 before 11079, OES11 SP3 ...
CVE-2014-0598
The CVE-2014-0598 entry concerns a directory traversal vulnerability in iPrint for Novell Open Enterprise Server (OES) 11 SP1 prior to Maintenance Update 9151 on Linux. The root cause is a directory traversal flaw in iPrint that could allow an attacker to access unintended files. Affected product...
CVE-2013-3707
CVE-2013-3707 affects the HTTPSTK service in the Novell Open Enterprise Server (OES) 2 Linux and OES 11 Linux Gold/SP1 releases via the novell-nrm package. The root cause is that the HTTPSTK component does not perform the intended SSL_free and SSL_shutdown on TCP connection close, enabling a remo...
CVE-2009-0611
CVE-2009-0611 affects Novell Open Enterprise Server 1.x via QuickFinder Server’s qfsearch/AdminServlet. The vulnerability is multiple cross-site scripting (XSS) in which attackers can inject arbitrary script/HTML through parameters: siteloc (displayaddsite), site (generalproperties or clusterserv...
CVE-2014-0609
Technical details for CVE-2014-0609 are not publicly available in the provided documents. Monitor for updates; information on affected products, root cause, impact, or fixes is not present in the supplied sources.
CVE-2014-0599
CVE-2014-0599 describes an XSS vulnerability in iPrint for Novell Open Enterprise Server (OES) 11 SP1 prior to Maintenance Update 9151 on Linux. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVSS v2 base score is 4.3 (Medium) with network access...