NotCVE - vendor:"Novell" product:"Suse Linux"

Page 29 of 170 results (0.005 seconds)

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2011-0995

https://notcve.org/view.php?id=CVE-2011-0995

The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. La gema sqlite3-ruby en el paquete rubygem-sqlite3 antes de v1.2.4-0.5.1 en SUSE Linux Enterprise (SLE) v11 SP1 utiliza permisos débiles para archivos no especificados, lo que permite a usuarios locales conseguir privilegios a través de vectores desconocidos. • http://secunia.com/advisories/44418 http://support.novell.com/security/cve/CVE-2011-0995.html http://www.osvdb.org/72180 http://www.securityfocus.com/bid/47694 https://bugzilla.novell.com/show_bug.cgi?id=685928 https://exchange.xforce.ibmcloud.com/vulnerabilities/67263 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2011-0988

https://notcve.org/view.php?id=CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. pure-ftpd 1.0.22, tal como se utiliza en SUSE Linux Enterprise Server 10 Service Pack 3 y Service Pack 4, y Enterprise Desktop 10 Service Pack 3 y Service Pack 4, cuando se ejecutan las extensiones OES Netware, crea un directorio en el que todo el mundo puede escribir, lo cual permite a usuarios locales sobrescribir archivos de forma arbitraria y ganar privilegios a través de vectores no especificados. • http://secunia.com/advisories/44039 https://exchange.xforce.ibmcloud.com/vulnerabilities/66618 https://hermes.opensuse.org/messages/7849430 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-3912

https://notcve.org/view.php?id=CVE-2010-3912

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. La secuencia de comandos en supportconfig en supportutils en el SP3 de SUSE Linux Enterprise v11 Service Pack 1 y 10 no "disfraza contraseñas" en los archivos de configuración, que tiene un impacto y vectores de ataque desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://osvdb.org/70405 http://secunia.com/advisories/42877 http://www.vupen.com/english/advisories/2011/0076 https://exchange.xforce.ibmcloud.com/vulnerabilities/64690 • CWE-255: Credentials Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2010-3110

https://notcve.org/view.php?id=CVE-2010-3110

Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. Múltiples desbordamientos de búfer en el módulo Novell Client novfs para el kernel Linux en SUSE Linux Enterprise 11 SP1 y openSUSE 11.3 permite a atacantes locales escalar privilegios mediante vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-1325

https://notcve.org/view.php?id=CVE-2010-1325

Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en apache2-slms package en SUSE Lifecycle Management Server (SLMS) v1.0 en SUSE Linux Enterprise (SLE) v11 permite a atacantes remotos secuestar la autenticación de víctimas no especificadas a través de vectores relacionados con parámetros citados inadecuados. NOSE: algunas fuentes reportan que esta vulnerabilidad en un producto llamado "Apache SLMS," pero ésto es incorrecto. • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://support.novell.com/security/cve/CVE-2010-1325.html http://www.securityfocus.com/bid/42121 https://bugzilla.novell.com/show_bug.cgi?id=588284 https://exchange.xforce.ibmcloud.com/vulnerabilities/61006 • CWE-352: Cross-Site Request Forgery (CSRF) •

1...27 28 29 30 31