Filtered by vendor Novell
Subscriptions
Filtered by product Suse Linux
Subscriptions
Total
19 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-3110 | 2 Novell, Opensuse | 2 Suse Linux, Opensuse | 2024-09-16 | N/A |
Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. | ||||
CVE-2010-1507 | 1 Novell | 2 Suse Linux, Webyast Appliance | 2024-09-16 | N/A |
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. | ||||
CVE-2005-4790 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2024-08-08 | N/A |
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions. | ||||
CVE-2005-4791 | 1 Novell | 1 Suse Linux | 2024-08-08 | N/A |
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. | ||||
CVE-2005-3321 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2024-08-07 | N/A |
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions. | ||||
CVE-2006-5229 | 2 Novell, Openbsd | 2 Suse Linux, Openssh | 2024-08-07 | N/A |
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. | ||||
CVE-2006-0803 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2024-08-07 | N/A |
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used. | ||||
CVE-2007-4432 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2024-08-07 | N/A |
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | ||||
CVE-2007-4394 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2024-08-07 | N/A |
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors. | ||||
CVE-2007-1285 | 5 Canonical, Novell, Php and 2 more | 10 Ubuntu Linux, Suse Linux, Php and 7 more | 2024-08-07 | 7.5 High |
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | ||||
CVE-2008-2025 | 3 Apache, Novell, Opensuse | 3 Struts, Suse Linux, Opensuse | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters." | ||||
CVE-2009-1297 | 2 Novell, Opensuse | 2 Suse Linux, Opensuse | 2024-08-07 | N/A |
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. | ||||
CVE-2010-3912 | 1 Novell | 1 Suse Linux | 2024-08-07 | N/A |
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | ||||
CVE-2010-1325 | 1 Novell | 2 Suse Lifecycle Management Server, Suse Linux | 2024-08-07 | N/A |
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect. | ||||
CVE-2011-0988 | 2 Novell, Pureftpd | 2 Suse Linux, Pure-ftpd | 2024-08-06 | N/A |
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. | ||||
CVE-2012-0414 | 1 Novell | 2 Suse Linux, Suse Manager | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name. | ||||
CVE-2013-4854 | 10 Fedoraproject, Freebsd, Hp and 7 more | 12 Fedora, Freebsd, Hp-ux and 9 more | 2024-08-06 | N/A |
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. | ||||
CVE-2015-2566 | 2 Novell, Oracle | 4 Suse Linux, Suse Linux For Vmware, Suse Linux Sdk and 1 more | 2024-08-06 | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. | ||||
CVE-2015-2567 | 2 Novell, Oracle | 4 Suse Linux, Suse Linux For Vmware, Suse Linux Sdk and 1 more | 2024-08-06 | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. |
Page 1 of 1.