CVE-2014-0598
https://notcve.org/view.php?id=CVE-2014-0598
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
• http://secunia.com/advisories/59113
• http://www.securityfocus.com/bid/68066
• https://bugzilla.novell.com/show_bug.cgi?id=869970
• https://www.novell.com/support/kb/doc.php?id=7010867
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-0599
https://notcve.org/view.php?id=CVE-2014-0599
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://secunia.com/advisories/59113
• https://bugzilla.novell.com/show_bug.cgi?id=869975
• https://www.novell.com/support/kb/doc.php?id=7010867
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0595
https://notcve.org/view.php?id=CVE-2014-0595
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.
• http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html
• http://www.novell.com/support/kb/doc.php?id=7014932
• http://www.securityfocus.com/bid/67144
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3707
https://notcve.org/view.php?id=CVE-2013-3707
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
• http://www.novell.com/support/kb/doc.php?id=7014063
• CWE-20: Improper Input Validation
CVE-2008-4636
https://notcve.org/view.php?id=CVE-2008-4636
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html
• http://osvdb.org/50284
• http://secunia.com/advisories/32832
• http://www.securityfocus.com/bid/32464
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46879
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')