CVE-2014-0609
https://notcve.org/view.php?id=CVE-2014-0609
Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors. Vulnerabilidad no especificada en Novell Open Enterprise Server (OES) 11 SP1 anterior a Scheduled Maintenance Update 9415 y 11 SP2 anterior a Scheduled Maintenance Update 9413 para Linux tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/59982 http://www.novell.com/support/kb/doc.php?id=7010867 http://www.novell.com/support/kb/doc.php?id=7014420 •
CVE-2014-0598
https://notcve.org/view.php?id=CVE-2014-0598
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. Vulnerabilidad de salto de directorio en iPrint en Novell Open Enterprise Server (OES) 11 SP1 anterior a la actualización de mantenimiento (Maintenance Update) 9151 en Linux tiene impacto y vectores remotos de ataque no especificados. • http://secunia.com/advisories/59113 http://www.securityfocus.com/bid/68066 https://bugzilla.novell.com/show_bug.cgi?id=869970 https://www.novell.com/support/kb/doc.php?id=7010867 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-0599
https://notcve.org/view.php?id=CVE-2014-0599
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en iPrint en Novell Open Enterprise Server (OES) 11 SP1 anterior a la actualización de mantenimiento (Maintenance Update) 9151 en Linux permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/59113 https://bugzilla.novell.com/show_bug.cgi?id=869975 https://www.novell.com/support/kb/doc.php?id=7010867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0595
https://notcve.org/view.php?id=CVE-2014-0595
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. /opt/novell/ncl/bin/nwrights en Novell Client para Linux en Novell Open Enterprise Server (OES) 11 Linux SP2 no maneja debidamente cierto array, lo que permite a usuarios locales obtener el permiso S en circunstancias oportunistas mediante el aprovechamiento de la concesión del permiso F por un administrador. • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html http://www.novell.com/support/kb/doc.php?id=7014932 http://www.securityfocus.com/bid/67144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3707
https://notcve.org/view.php?id=CVE-2013-3707
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009. El servicio HTTPSTK en el paquete novell-nrm anterior a la versión 2.0.2-297.305.302.3 de Novell Open Enterprise Server 2 (OES 2) Linux, y OES 11 Linux Gold y SP1, no realiza las llamadas SSL_free and SSL_shutdown intencionadas para el cierre de una conexión TCP, lo que permite a atacantes remotos provocar una denegación de servicio (caída del servicio) mediante el establecimiento de varias conexiones TCP al puerto 8009. • http://www.novell.com/support/kb/doc.php?id=7014063 • CWE-20: Improper Input Validation •