VYPR

Suse Linux

by Novell

CVEs (18)

  • CVE-2007-1285 High Mar 6, 2007
    risk 0.53 cvss 7.5 epss 0.18

    The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

  • CVE-2024-12088 Medium Jan 14, 2025
    risk 0.42 cvss 6.5 epss 0.05

    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary…

  • CVE-2001-1130 Aug 2, 2001
    risk 0.04 cvss epss 0.11

    Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable)…

  • CVE-2013-4854 Jul 29, 2013
    risk 0.03 cvss epss 0.34

    The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon…

  • CVE-2015-2567 Apr 16, 2015
    risk 0.00 cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

  • CVE-2015-2566 Apr 16, 2015
    risk 0.00 cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2011-0988 Apr 18, 2011
    risk 0.00 cvss epss 0.00

    pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified…

  • CVE-2010-3912 Jan 13, 2011
    risk 0.00 cvss epss 0.02

    The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.

  • CVE-2010-3110 Oct 12, 2010
    risk 0.00 cvss epss 0.00

    Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.

  • CVE-2010-1507 Sep 3, 2010
    risk 0.00 cvss epss 0.02

    WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.

  • CVE-2009-1297 Oct 23, 2009
    risk 0.00 cvss epss 0.00

    iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

  • CVE-2007-4432 Aug 20, 2007
    risk 0.00 cvss epss 0.00

    Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX…

  • CVE-2007-4394 Aug 17, 2007
    risk 0.00 cvss epss 0.00

    Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete arbitrary files via unknown vectors.

  • CVE-2006-0803 Feb 23, 2006
    risk 0.00 cvss epss 0.02

    The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is…

  • CVE-2005-4791 Dec 31, 2005
    risk 0.00 cvss epss 0.00

    Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.

  • CVE-2005-4790 Dec 31, 2005
    risk 0.00 cvss epss 0.00

    Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in…

  • CVE-2005-3321 Oct 27, 2005
    risk 0.00 cvss epss 0.00

    chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use…

  • CVE-2005-3013 Sep 21, 2005
    risk 0.00 cvss epss 0.01

    Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.