Page 38 of 671 results (0.006 seconds)

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2014-0599

https://notcve.org/view.php?id=CVE-2014-0599

Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en iPrint en Novell Open Enterprise Server (OES) 11 SP1 anterior a la actualización de mantenimiento (Maintenance Update) 9151 en Linux permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/59113 https://bugzilla.novell.com/show_bug.cgi?id=869975 https://www.novell.com/support/kb/doc.php?id=7010867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-0595

https://notcve.org/view.php?id=CVE-2014-0595

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. /opt/novell/ncl/bin/nwrights en Novell Client para Linux en Novell Open Enterprise Server (OES) 11 Linux SP2 no maneja debidamente cierto array, lo que permite a usuarios locales obtener el permiso S en circunstancias oportunistas mediante el aprovechamiento de la concesión del permiso F por un administrador. • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html http://www.novell.com/support/kb/doc.php?id=7014932 http://www.securityfocus.com/bid/67144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2011-0993

https://notcve.org/view.php?id=CVE-2011-0993

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. SUSE Lifecycle Management Server anterior a 1.1 utiliza credenciales postgres leíbles por todos, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html https://exchange.xforce.ibmcloud.com/vulnerabilities/95697 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

CVE-2014-0592

https://notcve.org/view.php?id=CVE-2014-0592

Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs. Barclamp (también conocido como barclamp-network) 1.7 para el framework de Crowbar, utilizado en SUSE Cloud 3, no habilita netfilter en puentes cuando crea instancias nuevas, lo que permite a atacantes remotos evadir restricciones de seguridad de grupo a través de vectores no especificados, relacionado con IPs flotantes. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html http://secunia.com/advisories/57509 http://www.securityfocus.com/bid/66519 https://bugzilla.novell.com/show_bug.cgi?id=864183 https://github.com/crowbar/barclamp-network/pull/269 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 1

CVE-2014-1505 – Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)

https://notcve.org/view.php?id=CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. La implementación del filtro SVG en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permite a atacantes remotos obtener información sensible de correlación de desplazamiento, y posiblemente evadir Same Origin Policy y leer texto de un dominio diferente, a través de ataques de tiempos involucrando elementos feDisplacementMap, un problema relacionado con CVE-2013-1693. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security/2014/dsa-2881 http://www.debian.org/security/2014/dsa-2911 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •