openSUSE
by SUSE S.A.
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-0469 | | Cri | 0.57 | 9.8 | 0.02 | | Aug 17, 2017 | Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. |
| CVE-2008-3188 | | Hig | 0.49 | 7.5 | 0.01 | | Jul 22, 2008 | libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. |
| CVE-2010-3087 | | | 0.00 | — | 0.03 | | Sep 28, 2010 | LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. |
| CVE-2010-0230 | | | 0.00 | — | 0.02 | | Jan 22, 2010 | SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions. |
| CVE-2009-0310 | | | 0.00 | — | 0.00 | | Feb 18, 2009 | Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings." |
| CVE-2008-3067 | | | 0.00 | — | 0.00 | | Jul 7, 2008 | sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits. |
| CVE-2008-2667 | | | 0.00 | — | 0.02 | | Jul 7, 2008 | SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the… |
| CVE-2008-0731 | | | 0.00 | — | 0.01 | | Feb 12, 2008 | The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. |
| CVE-2007-5200 | | | 0.00 | — | 0.00 | | Oct 14, 2007 | hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file. |
| CVE-2007-2654 | | | 0.00 | — | 0.00 | | May 14, 2007 | xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. |