
CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

12 Oct 2010 — Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

03 Sep 2010 — WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-255: Credentials Management Errors

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

03 Sep 2010 — Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect. • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Oct 2009 — iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Jul 2009 — The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html • CWE-16: Configuration

CVSS: 6.1 • EPSS: 2% • CPEs: 9 • EXPL: 0

09 Apr 2009 — Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters." • http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')