# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2016-9960 |
369 |
|
DoS |
2017-06-06 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). |
2 |
CVE-2016-4569 |
200 |
|
+Info |
2016-05-23 |
2018-01-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. |
3 |
CVE-2016-4486 |
200 |
|
+Info |
2016-05-23 |
2018-12-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. |
4 |
CVE-2016-4482 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. |
5 |
CVE-2016-3156 |
399 |
|
DoS |
2016-04-27 |
2018-01-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. |
6 |
CVE-2015-6815 |
835 |
|
DoS |
2020-01-31 |
2021-11-30 |
2.7 |
None |
Local Network |
Low |
??? |
None |
None |
Partial |
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. |
7 |
CVE-2015-2566 |
|
|
|
2015-04-16 |
2017-01-03 |
2.8 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. |
8 |
CVE-2014-0595 |
119 |
|
Overflow |
2014-05-08 |
2020-02-24 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. |
9 |
CVE-2012-0421 |
200 |
|
+Info |
2012-08-08 |
2012-08-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. |
10 |
CVE-2011-0993 |
264 |
|
+Info |
2014-04-16 |
2017-08-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. |
11 |
CVE-2010-3264 |
255 |
|
+Info |
2010-09-08 |
2010-09-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. |
12 |
CVE-2008-0663 |
|
|
|
2008-02-08 |
2011-03-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field. |
13 |
CVE-2007-4526 |
255 |
|
+Info |
2007-08-25 |
2018-09-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. |
14 |
CVE-2007-4394 |
|
|
|
2007-08-17 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors. |
15 |
CVE-2006-4186 |
|
|
|
2006-08-17 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. |
16 |
CVE-2006-2612 |
|
|
|
2006-05-26 |
2018-10-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt. |
17 |
CVE-2005-4791 |
|
|
Exec Code |
2005-12-31 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. |
18 |
CVE-2005-1767 |
|
|
DoS |
2005-08-05 |
2017-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception). |
19 |
CVE-2005-1761 |
20 |
|
DoS |
2005-08-05 |
2018-10-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. |
20 |
CVE-2005-1065 |
|
|
|
2005-05-02 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory. |
21 |
CVE-2004-2414 |
|
|
+Info |
2004-12-31 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. |
22 |
CVE-2002-2083 |
|
|
Bypass |
2002-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen. |
23 |
CVE-2002-1754 |
|
|
DoS Overflow |
2002-12-31 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname. |
24 |
CVE-1999-0524 |
200 |
|
+Info |
1997-08-01 |
2022-11-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. |