Novell Open Enterprise Server vulnerabilities

15 known vulnerabilities affecting novell/open_enterprise_server.

Total CVEs: 15
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 5, HIGH 4, MEDIUM 3, LOW 3

Vulnerabilities

CVE-2013-2016 | HIGH | CVSS 7.8 | v11.0 | 2019-12-30
CVE-2013-2016 [HIGH] CWE-269: A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host
nvd
CVE-2017-5182 | HIGH | CVSS 7.5 | v2.0, v2015, +1 more | 2017-01-23
CVE-2017-5182 [HIGH] CWE-22: Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before
nvd
CVE-2014-7169 | CRITICAL | CVSS 9.8 | KEV | PoC | v2.0, v11.0 | 2014-09-25
CVE-2014-7169 [CRITICAL]: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgi
nvd
CVE-2014-6271 | CRITICAL | CVSS 9.8 | KEV | PoC | v2.0, v11.0 | 2014-09-24
CVE-2014-6271 [CRITICAL] CWE-78: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts execute
nvd
CVE-2014-0609 | CRITICAL | CVSS 10.0 | v11.0 | 2014-08-17
CVE-2014-0609 [CRITICAL]: Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors.
nvd
CVE-2014-0598 | CRITICAL | CVSS 10.0 | v11.0 | 2014-06-18
CVE-2014-0598 [CRITICAL] CWE-22: Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
nvd
CVE-2014-0599 | MEDIUM | CVSS 4.3 | v11.0 | 2014-06-18
CVE-2014-0599 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-0595 | LOW | CVSS 2.6 | v11.0 | 2014-05-08
CVE-2014-0595 [LOW] CWE-119: /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.
nvd
CVE-2013-3707 | MEDIUM | CVSS 4.3 | v11.0 | 2013-12-01
CVE-2013-3707 [MEDIUM] CWE-20: The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connec
nvd
CVE-2011-4194 | HIGH | CVSS 7.5 | v2, v2.0.1, +2 more | 2012-02-02
CVE-2011-4194 [HIGH] CWE-119: Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field.
nvd
CVE-2009-0611 | MEDIUM | CVSS 4.3 | PoC | v1.x | 2009-02-17
CVE-2009-0611 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the admi
nvd
CVE-2006-0736 | CRITICAL | CVSS 10.0 | v1 | 2006-02-27
CVE-2006-0736 [CRITICAL]: Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2005-3655 | HIGH | CVSS 7.5 | v9 | 2005-12-31
CVE-2005-3655 [HIGH]: Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.
nvd
CVE-2005-1761 | LOW | CVSS 2.1 | v9 | 2005-08-05
CVE-2005-1761 [LOW] CWE-20: Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
nvd
CVE-2005-1767 | LOW | CVSS 2.1 | v9 | 2005-08-05
CVE-2005-1767 [LOW]: traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
nvd