Vulnerabilities > Novell

DATE CVE VULNERABILITY TITLE RISK

2011-04-13 CVE-2011-0991 Resource Management Errors vulnerability in multiple products
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
network | mono novell CWE-399 | 6.8

2011-04-13 CVE-2011-0990 Race Condition vulnerability in multiple products
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
network | mono novell CWE-362 | 5.8

2011-04-13 CVE-2011-0989 Permissions, Privileges, and Access Controls vulnerability in multiple products
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
network | mono novell CWE-264 | 5.8

2011-04-10 CVE-2011-0994 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell File Reporter
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
network | low complexity | novell CWE-119 | critical | 10.0

2011-04-10 CVE-2011-0466 Permissions, Privileges, and Access Controls vulnerability in Novell Opensuse Build Service
The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.
network | low complexity | novell CWE-264 | 6.4

2011-04-10 CVE-2011-0462 Cross-Site Scripting vulnerability in Novell Opensuse Build Service
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | novell CWE-79 | 4.3

2011-03-30 CVE-2011-1551 Permissions, Privileges, and Access Controls vulnerability in Novell Opensuse Factory
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
local | novell CWE-264 | 6.9

2011-03-30 CVE-2011-1550 Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
6.3

2011-03-22 CVE-2010-4228 Buffer Errors vulnerability in Novell Netware 5.1/6.0/6.5
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
network | low complexity | novell CWE-119 | critical | 9.0

2011-03-09 CVE-2011-0464 Remote Code Execution vulnerability in Novell Vibe Onprem 3.0
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.
network | low complexity | novell | critical | 10.0