CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities (CVSS score between 2 and 2.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-9960 369 DoS 2017-06-06 2018-10-30
2.1
 None Local Low Not required None None Partial
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
2 CVE-2016-4569 200 +Info 2016-05-23 2018-01-05
2.1
 None Local Low Not required Partial None None
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
3 CVE-2016-4486 200 +Info 2016-05-23 2018-12-20
2.1
 None Local Low Not required Partial None None
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
4 CVE-2016-4482 200 +Info 2016-05-23 2016-11-28
2.1
 None Local Low Not required Partial None None
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
5 CVE-2016-3156 399 DoS 2016-04-27 2018-01-05
2.1
 None Local Low Not required None None Partial
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
6 CVE-2015-6815 835 DoS 2020-01-31 2021-11-30
2.7
 None Local Network Low ??? None None Partial
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
7 CVE-2015-2566 2015-04-16 2017-01-03
2.8
 None Remote Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
8 CVE-2014-0595 119 Overflow 2014-05-08 2020-02-24
2.6
 None Local High Not required Partial Partial None
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.
9 CVE-2012-0421 200 +Info 2012-08-08 2012-08-08
2.1
 None Local Low Not required Partial None None
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.
10 CVE-2011-0993 264 +Info 2014-04-16 2017-08-17
2.1
 None Local Low Not required Partial None None
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
11 CVE-2010-3264 255 +Info 2010-09-08 2010-09-09
2.1
 None Local Low Not required Partial None None
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.
12 CVE-2008-0663 2008-02-08 2011-03-08
2.1
 None Local Low Not required Partial None None
Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.
13 CVE-2007-4526 255 +Info 2007-08-25 2018-09-27
2.1
 None Local Low Not required Partial None None
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.
14 CVE-2007-4394 2007-08-17 2018-10-30
2.1
 None Local Low Not required None None Partial
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
15 CVE-2006-4186 2006-08-17 2008-09-05
2.1
 None Local Low Not required Partial None None
The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.
16 CVE-2006-2612 2006-05-26 2018-10-18
2.1
 None Local Low Not required Partial None None
Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.
17 CVE-2005-4791 Exec Code 2005-12-31 2018-10-30
2.1
 None Local Low Not required None Partial None
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
18 CVE-2005-1767 DoS 2005-08-05 2017-10-11
2.1
 None Local Low Not required None None Partial
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
19 CVE-2005-1761 20 DoS 2005-08-05 2018-10-19
2.1
 None Local Low Not required None None Partial
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
20 CVE-2005-1065 2005-05-02 2008-09-05
2.1
 None Local Low Not required Partial None None
tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory.
21 CVE-2004-2414 +Info 2004-12-31 2017-07-11
2.1
 None Local Low Not required Partial None None
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
22 CVE-2002-2083 Bypass 2002-12-31 2008-09-05
2.1
 None Local Low Not required Partial None None
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
23 CVE-2002-1754 DoS Overflow 2002-12-31 2017-07-11
2.1
 None Local Low Not required None None Partial
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.
24 CVE-1999-0524 200 +Info 1997-08-01 2022-11-14
2.1
 None Local Low Not required Partial None None
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.