CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell » Open Enterprise Server : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-0609 2014-08-17 2014-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors.
2 CVE-2014-0599 79 XSS 2014-06-18 2014-06-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3 CVE-2014-0598 22 Dir. Trav. 2014-06-18 2014-06-21
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
4 CVE-2014-0595 119 Overflow 2014-05-08 2014-05-08
2.6
None Local High Not required Partial Partial None
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.
5 CVE-2013-3707 20 DoS 2013-12-01 2013-12-02
4.3
None Remote Medium Not required None None Partial
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
6 CVE-2011-4194 119 Exec Code Overflow 2012-02-01 2012-02-02
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field.
7 CVE-2009-0611 79 1 XSS 2009-02-17 2009-02-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
8 CVE-2006-0999 2006-03-23 2014-01-16
5.0
None Remote Low Not required Partial None None
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
9 CVE-2006-0998 2006-03-23 2014-01-16
5.0
None Remote Low Not required Partial None None
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session.
10 CVE-2006-0997 2006-03-23 2008-09-05
5.0
None Remote Low Not required Partial None None
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.
11 CVE-2006-0736 Exec Code Overflow 2006-02-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.
12 CVE-2005-3655 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.
13 CVE-2005-1767 DoS 2005-08-05 2010-08-21
2.1
None Local Low Not required None None Partial
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
14 CVE-2005-1761 20 DoS 2005-08-05 2010-08-21
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
Total number of vulnerabilities : 14   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.