VYPR

Vendor CVEs

SUSE S.A.

All CVEs

1,448 total · sorted by risk
  • CVE-2010-2963Nov 26, 2010
    risk 0.03cvss epss 0.01

    drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and…

  • CVE-2010-4165Nov 22, 2010
    risk 0.03cvss epss 0.01

    The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a…

  • CVE-2010-3437Oct 4, 2010
    risk 0.03cvss epss 0.02

    Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via…

  • CVE-2010-3301Sep 22, 2010
    risk 0.03cvss epss 0.04

    The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by…

  • CVE-2010-2959Sep 8, 2010
    risk 0.03cvss epss 0.04

    Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service…

  • CVE-2006-0745Mar 21, 2006
    risk 0.03cvss epss 0.01

    X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the…

  • CVE-2004-1235Apr 14, 2005
    risk 0.03cvss epss 0.03

    Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

  • CVE-2005-0750Mar 27, 2005
    risk 0.03cvss epss 0.01

    The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

  • CVE-2005-0156Feb 7, 2005
    risk 0.03cvss epss 0.01

    Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

  • CVE-2004-1074Jan 10, 2005
    risk 0.03cvss epss 0.01

    The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.

  • CVE-2004-1073Jan 10, 2005
    risk 0.03cvss epss 0.01

    The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

  • CVE-2004-0497Dec 6, 2004
    risk 0.03cvss epss 0.01

    Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

  • CVE-2004-0554Aug 6, 2004
    risk 0.03cvss epss 0.01

    Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

  • CVE-2004-0064Feb 17, 2004
    risk 0.03cvss epss 0.01

    The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.

  • CVE-2003-0847Nov 17, 2003
    risk 0.03cvss epss 0.01

    SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.

  • CVE-2003-0144Mar 31, 2003
    risk 0.03cvss epss 0.02

    Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

  • CVE-2002-0004Feb 27, 2002
    risk 0.03cvss epss 0.01

    Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

  • CVE-2001-0641Sep 20, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.

  • CVE-2001-0610Aug 2, 2001
    risk 0.03cvss epss 0.01

    kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.

  • CVE-2001-0193May 3, 2001
    risk 0.03cvss epss 0.01

    Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

  • CVE-2001-0172Mar 26, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands by via a long directory name.

  • CVE-2001-0109Mar 12, 2001
    risk 0.03cvss epss 0.01

    rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.

  • CVE-2000-1095Jan 9, 2001
    risk 0.03cvss epss 0.01

    modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

  • CVE-2000-1134Jan 9, 2001
    risk 0.03cvss epss 0.01

    Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

  • CVE-2000-0438May 22, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

  • CVE-2000-0293May 2, 2000
    risk 0.03cvss epss 0.01

    aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.

  • CVE-2000-0340Apr 29, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.

  • CVE-2000-0229Mar 22, 2000
    risk 0.03cvss epss 0.01

    gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

  • CVE-2000-0231Mar 16, 2000
    risk 0.03cvss epss 0.01

    Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

  • CVE-2000-0218Feb 3, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

  • CVE-2000-0362Oct 22, 1999
    risk 0.03cvss epss 0.01

    Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.

  • CVE-1999-0906Sep 23, 1999
    risk 0.03cvss epss 0.01

    Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.

  • CVE-1999-0768Aug 25, 1999
    risk 0.03cvss epss 0.02

    Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

  • CVE-1999-0746Aug 16, 1999
    risk 0.03cvss epss 0.06

    A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

  • CVE-1999-0804Jun 1, 1999
    risk 0.03cvss epss 0.06

    Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

  • CVE-1999-0433Mar 21, 1999
    risk 0.03cvss epss 0.01

    XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

  • CVE-1999-0409Mar 4, 1999
    risk 0.03cvss epss 0.01

    Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.

  • CVE-1999-0405Feb 18, 1999
    risk 0.03cvss epss 0.01

    A buffer overflow in lsof allows local users to obtain root privilege.

  • CVE-1999-0363Feb 2, 1999
    risk 0.03cvss epss 0.01

    SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.

  • CVE-2015-1283Jul 23, 2015
    risk 0.02cvss epss 0.19

    Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…

  • CVE-2014-2497Mar 21, 2014
    risk 0.02cvss epss 0.22

    The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

  • CVE-2014-2324Mar 14, 2014
    risk 0.02cvss epss 0.29

    Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

  • CVE-2015-8126Nov 13, 2015
    risk 0.01cvss epss 0.10

    Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application…

  • CVE-2015-5165Aug 12, 2015
    risk 0.01cvss epss 0.13

    The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

  • CVE-2015-3209Jun 15, 2015
    risk 0.01cvss epss 0.10

    Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

  • CVE-2015-2568Apr 16, 2015
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

  • CVE-2015-0501Apr 16, 2015
    risk 0.01cvss epss 0.10

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

  • CVE-2015-0491Apr 16, 2015
    risk 0.01cvss epss 0.06

    Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.

  • CVE-2015-3039Apr 14, 2015
    risk 0.01cvss epss 0.08

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349,…

  • CVE-2015-3038Apr 14, 2015
    risk 0.01cvss epss 0.07

    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

Page 16 of 29