Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Max CVSS
2.8
EPSS Score
0.30%
Published
2015-04-16
Updated
2017-01-03
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.
Max CVSS
2.6
EPSS Score
0.07%
Published
2014-05-08
Updated
2020-02-24
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
Max CVSS
1.2
EPSS Score
0.05%
Published
2012-06-13
Updated
2023-02-13
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.
Max CVSS
2.1
EPSS Score
0.05%
Published
2012-08-08
Updated
2012-08-08
The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
Max CVSS
2.1
EPSS Score
0.05%
Published
2011-05-13
Updated
2017-08-17
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.05%
Published
2014-04-16
Updated
2017-08-17
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.
Max CVSS
2.1
EPSS Score
0.05%
Published
2010-09-08
Updated
2010-09-09
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
Max CVSS
1.9
EPSS Score
0.17%
Published
2009-04-14
Updated
2009-04-29
Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.
Max CVSS
2.1
EPSS Score
0.18%
Published
2008-02-08
Updated
2011-03-08
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.
Max CVSS
2.1
EPSS Score
0.05%
Published
2007-08-25
Updated
2018-09-27
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
Max CVSS
2.1
EPSS Score
0.05%
Published
2007-08-17
Updated
2018-10-30
Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.
Max CVSS
1.2
EPSS Score
0.59%
Published
2006-12-05
Updated
2018-10-17
The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.
Max CVSS
2.1
EPSS Score
0.05%
Published
2006-08-17
Updated
2008-09-05
Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.
Max CVSS
2.1
EPSS Score
0.29%
Published
2006-05-26
Updated
2018-10-18
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
Max CVSS
2.1
EPSS Score
0.08%
Published
2005-12-31
Updated
2018-10-30
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.
Max CVSS
1.7
EPSS Score
0.06%
Published
2005-12-31
Updated
2008-09-05
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-08-05
Updated
2023-02-13
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
Max CVSS
2.1
EPSS Score
0.11%
Published
2005-08-05
Updated
2023-02-13
tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory.
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-05-02
Updated
2008-09-05
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
Max CVSS
2.1
EPSS Score
0.05%
Published
2004-12-31
Updated
2017-07-11
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
Max CVSS
2.1
EPSS Score
0.05%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.
Max CVSS
2.1
EPSS Score
0.05%
Published
2002-12-31
Updated
2017-07-11
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS
2.1
EPSS Score
88.08%
Published
1997-08-01
Updated
2022-11-14
23 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!