Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.
Max CVSS
4.9
EPSS Score
0.05%
Published
2006-08-17
Updated
2008-09-05
NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.
Max CVSS
4.9
EPSS Score
0.05%
Published
2007-06-12
Updated
2017-07-29
Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application.
Max CVSS
4.9
EPSS Score
0.05%
Published
2009-09-18
Updated
2009-09-18
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.
Max CVSS
4.9
EPSS Score
0.05%
Published
2014-09-28
Updated
2023-02-13
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.
Max CVSS
4.9
EPSS Score
0.06%
Published
2013-12-22
Updated
2013-12-23
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
Max CVSS
4.9
EPSS Score
0.36%
Published
2016-02-08
Updated
2018-10-09
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.20%
Published
2015-10-19
Updated
2017-09-13
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.35%
Published
2016-04-27
Updated
2023-09-12
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.27%
Published
2016-05-02
Updated
2023-09-12
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.26%
Published
2016-05-02
Updated
2023-09-12
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.31%
Published
2016-05-02
Updated
2023-09-12
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.35%
Published
2016-05-02
Updated
2023-09-12
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
Max CVSS
4.9
EPSS Score
0.73%
Published
2016-04-27
Updated
2018-01-05
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
Max CVSS
4.9
EPSS Score
1.44%
Published
2016-05-02
Updated
2023-09-12
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
Max CVSS
4.9
EPSS Score
0.24%
Published
2016-05-02
Updated
2023-09-12
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
Max CVSS
4.9
EPSS Score
0.24%
Published
2016-05-02
Updated
2023-09-12
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
1.00%
Published
2016-04-27
Updated
2023-09-12
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
1.44%
Published
2016-05-02
Updated
2023-09-12
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
Max CVSS
4.9
EPSS Score
0.32%
Published
2016-05-02
Updated
2023-09-12
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
Max CVSS
4.9
EPSS Score
0.39%
Published
2016-05-02
Updated
2017-08-13
LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.05%
Published
1993-09-16
Updated
2017-10-10
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-12-31
Updated
2008-09-05
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
Max CVSS
4.6
EPSS Score
0.05%
Published
2002-05-31
Updated
2016-10-18
Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password.
Max CVSS
4.6
EPSS Score
0.05%
Published
2002-12-31
Updated
2017-07-11
Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command.
Max CVSS
4.6
EPSS Score
0.08%
Published
2005-10-20
Updated
2017-07-11
113 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!