Latest Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2013-12-02 CVE-2012-0434 Permissions, Privileges, and Access Controls vulnerability in Novell SUSE Cloud 1.0
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
network
low complexity
novell
CWE-264
critical
10
2013-12-02 CVE-2012-0427 Permissions, Privileges, and Access Controls vulnerability in openSUSE 11.4
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
local
low complexity
opensuse
CWE-264
nessus
7.2
2013-12-02 CVE-2012-0426 Race Condition vulnerability in Novell SUSE Linux Enterprise for SAP Applications 11
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.
local
low complexity
novell
CWE-362
7.2
2013-12-02 CVE-2012-0425 Information Exposure vulnerability in openSUSE 12.1
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.
network
low complexity
opensuse
CWE-200
7.8
2013-12-02 CVE-2012-0420 Unspecified vulnerability in openSUSE Zypper 0.11.6/1.0.2/1.6.16
zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.
local
opensuse
nessus
4.4
2013-12-02 CVE-2012-0414 Cross-Site Scripting vulnerability in Novell SUSE Manager 1.2
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
4.3
2013-12-01 CVE-2013-3707 Improper Input Validation vulnerability in Novell Open Enterprise Server 11.0
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
4.3
2013-12-01 CVE-2013-2818 Improper Input Validation vulnerability in Alstom e-terracontrol 3.5/3.6/3.7
The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line.
4.7
2013-12-01 CVE-2013-6718 Cryptographic Issues vulnerability in IBM Advanced Management Module Firmware 3.64
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
network
low complexity
ibm
CWE-310
6.4
2013-12-01 CVE-2013-3708 Unspecified vulnerability in Novell iPrint
The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
novell
nessus
5.0