Vulnerabilities > Novell > Suse Linux > 11

DATE CVE VULNERABILITY TITLE RISK
2013-12-02 CVE-2012-0414 Cross-Site Scripting vulnerability in Novell Suse Manager 1.2
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
network
novell CWE-79
4.3
2013-07-29 CVE-2013-4854 Remote Denial of Service vulnerability in ISC BIND 9 DNS RDATA Handling
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
7.8
2011-04-18 CVE-2011-0988 Permissions, Privileges, and Access Controls vulnerability in multiple products
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
4.4
2011-01-13 CVE-2010-3912 Credentials Management vulnerability in Novell Suse Linux 10/11
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
network
low complexity
novell CWE-255
critical
10.0
2010-10-12 CVE-2010-3110 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.
local
low complexity
novell opensuse CWE-119
7.2
2010-09-03 CVE-2010-1507 Credentials Management vulnerability in Novell Suse Linux 11
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
network
low complexity
novell CWE-255
5.0
2010-09-03 CVE-2010-1325 Cross-Site Request Forgery (CSRF) vulnerability in Novell Suse Lifecycle Management Server 1.0
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting.
network
novell CWE-352
4.3
2009-10-23 CVE-2009-1297 Link Following vulnerability in multiple products
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
4.4
2009-04-09 CVE-2008-2025 Cross-Site Scripting vulnerability in Apache Struts
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
4.3