|2013-12-02||CVE-2012-0434|| Permissions, Privileges, and Access Controls vulnerability in Novell Suse Cloud 1.0 |
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
|2013-12-02||CVE-2012-0427|| Permissions, Privileges, and Access Controls vulnerability in Opensuse 11.4 |
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
|2013-12-02||CVE-2012-0426|| Race Condition vulnerability in Novell Suse Linux Enterprise for SAP Applications 11 |
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.
|2013-12-02||CVE-2012-0425|| Information Exposure vulnerability in Opensuse 12.1 |
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.
|2013-12-02||CVE-2012-0420|| Unspecified vulnerability in Opensuse Zypper 0.11.6/1.0.2/1.6.16 |
zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.
|2013-12-02||CVE-2012-0414|| Cross-Site Scripting vulnerability in Novell Suse Manager 1.2 |
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
|2013-12-01||CVE-2013-3707|| Improper Input Validation vulnerability in Novell Open Enterprise Server 11.0 |
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
|2013-12-01||CVE-2013-2818|| Improper Input Validation vulnerability in Alstom E-Terracontrol 3.5/3.6/3.7 |
The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line.
|2013-12-01||CVE-2013-6718|| Cryptographic Issues vulnerability in IBM Advanced Management Module Firmware 3.64 |
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
|2013-12-01||CVE-2013-3708|| Unspecified vulnerability in Novell Iprint |
The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors.