Vulnerabilities > Novell

DATE CVE VULNERABILITY TITLE RISK
2013-12-23 CVE-2013-3709 Permissions, Privileges, and Access Controls vulnerability in multiple products
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
local
low complexity
novell suse CWE-264
7.2
2013-12-22 CVE-2013-3705 Improper Input Validation vulnerability in Novell Client 2.0
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.
local
low complexity
novell CWE-20
4.9
2013-12-10 CVE-2013-7042 Permissions, Privileges, and Access Controls vulnerability in Novell SUSE Lifecycle Management Server
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.
local
low complexity
novell CWE-264
4.6
2013-12-10 CVE-2013-3710 Cryptographic Issues vulnerability in Novell SUSE Lifecycle Management Server
SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.
network
novell CWE-310
4.3
2013-12-02 CVE-2012-0434 Permissions, Privileges, and Access Controls vulnerability in Novell SUSE Cloud 1.0
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
network
low complexity
novell CWE-264
critical
10.0
2013-12-02 CVE-2012-0426 Race Condition vulnerability in Novell SUSE Linux Enterprise for SAP Applications 11
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.
local
low complexity
novell CWE-362
7.2
2013-12-02 CVE-2012-0414 Cross-Site Scripting vulnerability in Novell SUSE Manager 1.2
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
network
novell CWE-79
4.3
2013-12-01 CVE-2013-3707 Improper Input Validation vulnerability in Novell Open Enterprise Server 11.0
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
network
novell CWE-20
4.3
2013-12-01 CVE-2013-3708 Unspecified vulnerability in Novell iPrint
The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
novell
5.0
2013-11-05 CVE-2013-4419 Permissions, Privileges, and Access Controls vulnerability in multiple products
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
high complexity
libguestfs suse novell CWE-264
6.8