Vulnerabilities > Novell > Open Enterprise Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-30 | CVE-2013-2016 | Improper Privilege Management vulnerability in multiple products A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. | 6.9 |
| 2017-01-23 | CVE-2017-5182 | Information Exposure vulnerability in Novell Open Enterprise Server 11.0/2.0/2015 Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. | 7.5 |
| 2014-08-17 | CVE-2014-0609 | Security vulnerability in Novell Open Enterprise Server 11.0 Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors. | 10.0 |
| 2014-06-18 | CVE-2014-0599 | Cross-Site Scripting vulnerability in Novell Open Enterprise Server 11.0 Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-06-18 | CVE-2014-0598 | Path Traversal vulnerability in Novell Open Enterprise Server 11.0 Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. | 10.0 |
| 2014-05-08 | CVE-2014-0595 | Buffer Errors vulnerability in Novell Open Enterprise Server 11.0 /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. | 2.6 |
| 2013-12-01 | CVE-2013-3707 | Improper Input Validation vulnerability in Novell Open Enterprise Server 11.0 The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009. | 4.3 |
| 2013-04-07 | CVE-2013-2770 | Improper Input Validation vulnerability in Novell Kanaka 2.7/2.7.1 The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate. | 5.8 |
| 2012-02-02 | CVE-2011-4194 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Open Enterprise Server Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field. | 7.5 |
| 2009-03-30 | CVE-2009-0115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. local low complexity christophe-varoqui fedoraproject debian avaya suse opensuse novell juniper CWE-732 | 7.8 |