|
|
Novell : Security Vulnerabilities (CVSS score between 1 and 1.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-7995 |
200 |
|
+Info |
2017-05-03 |
2017-05-15 |
1.7 |
None |
Local |
Low |
??? |
Partial |
None |
None |
|
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. |
|
2 |
CVE-2015-8552 |
20 |
|
DoS |
2016-04-13 |
2017-11-04 |
1.7 |
None |
Local |
Low |
??? |
None |
None |
Partial |
|
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." |
|
3 |
CVE-2012-2313 |
264 |
|
|
2012-06-13 |
2016-09-06 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. |
|
4 |
CVE-2008-6722 |
200 |
|
+Info |
2009-04-14 |
2009-04-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache. |
|
5 |
CVE-2006-6306 |
|
|
|
2006-12-05 |
2018-10-17 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window. |
|
6 |
CVE-2005-1976 |
|
|
DoS Exec Code |
2005-12-31 |
2008-09-05 |
1.7 |
None |
Local |
Low |
??? |
None |
None |
Partial |
|
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files. |
Total number of vulnerabilities : 6
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
