VYPR

Linux

by SUSE S.A.

CVEs (212)

  • CVE-2004-0929Jan 27, 2005
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.

  • CVE-2004-0903Jan 27, 2005
    risk 0.01cvss epss 0.10

    Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly…

  • CVE-2004-0902Jan 27, 2005
    risk 0.01cvss epss 0.10

    Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2)…

  • CVE-2004-0888Jan 27, 2005
    risk 0.01cvss epss 0.09

    Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by…

  • CVE-2004-0914Jan 10, 2005
    risk 0.01cvss epss 0.09

    Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could…

  • CVE-2004-1154Jan 10, 2005
    risk 0.01cvss epss 0.13

    Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a…

  • CVE-2004-0867Dec 23, 2004
    risk 0.01cvss epss 0.17

    Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is…

  • CVE-2004-0803Dec 23, 2004
    risk 0.01cvss epss 0.08

    Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

  • CVE-2004-0688Oct 20, 2004
    risk 0.01cvss epss 0.07

    Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

  • CVE-2004-0687Oct 20, 2004
    risk 0.01cvss epss 0.08

    Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

  • CVE-2004-0866Sep 16, 2004
    risk 0.01cvss epss 0.10

    Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

  • CVE-2004-0461Aug 6, 2004
    risk 0.01cvss epss 0.17

    The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that…

  • CVE-2010-0230Jan 22, 2010
    risk 0.00cvss epss 0.02

    SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.

  • CVE-2009-1648Jul 5, 2009
    risk 0.00cvss epss 0.02

    The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.

  • CVE-2008-3949Sep 22, 2008
    risk 0.00cvss epss 0.01

    emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

  • CVE-2007-6427Jan 18, 2008
    risk 0.00cvss epss 0.04

    The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

  • CVE-2007-6167Nov 29, 2007
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.

  • CVE-2007-5471Oct 16, 2007
    risk 0.00cvss epss 0.03

    libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects…

  • CVE-2007-5195Oct 14, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196.

  • CVE-2007-5196Oct 14, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.

Page 4 of 11