CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 3CVE-2013-2016
https://notcve.org/view.php?id=CVE-2013-2016
30 Dec 2019 — A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. Se encontró un fallo en la manera en que qemu versión v1.3.0 y posteriores (virtio-rng) comprueba las direcciones cuando el invitado accede al espacio de c... • http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-5182
https://notcve.org/view.php?id=CVE-2017-5182
23 Jan 2017 — Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). Remote Manager en Open Enterprise Server (... • http://www.securityfocus.com/bid/95743 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 88%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0609
https://notcve.org/view.php?id=CVE-2014-0609
17 Aug 2014 — Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors. Vulnerabilidad no especificada en Novell Open Enterprise Server (OES) 11 SP1 anterior a Scheduled Maintenance Update 9415 y 11 SP2 anterior a Scheduled Maintenance Update 9413 para Linux tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/59982 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0598
https://notcve.org/view.php?id=CVE-2014-0598
18 Jun 2014 — Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. Vulnerabilidad de salto de directorio en iPrint en Novell Open Enterprise Server (OES) 11 SP1 anterior a la actualización de mantenimiento (Maintenance Update) 9151 en Linux tiene impacto y vectores remotos de ataque no especificados. • http://secunia.com/advisories/59113 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0599
https://notcve.org/view.php?id=CVE-2014-0599
18 Jun 2014 — Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en iPrint en Novell Open Enterprise Server (OES) 11 SP1 anterior a la actualización de mantenimiento (Maintenance Update) 9151 en Linux permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/59113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0595
https://notcve.org/view.php?id=CVE-2014-0595
08 May 2014 — /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. /opt/novell/ncl/bin/nwrights en Novell Client para Linux en Novell Open Enterprise Server (OES) 11 Linux SP2 no maneja debidamente cierto array, lo que permite a usuarios locales obtener el permiso S en circunst... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2013-3707
https://notcve.org/view.php?id=CVE-2013-3707
01 Dec 2013 — The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009. El servicio HTTPSTK en el paquete novell-nrm anterior a la versión 2.0.2-297.305.302.3 de Novell Open Enterprise Server 2 (OES 2) Linux, y... • http://www.novell.com/support/kb/doc.php?id=7014063 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4636
https://notcve.org/view.php?id=CVE-2008-4636
27 Nov 2008 — yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. yast2-backup de 2.14.2 a 2.16.6 en SUSE Linux y Novell Linux permite a usuarios locales obtener privilegios a través de metacaracteres de consola en nombres de archivos usados por el proceso de copia de respaldo. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •