VYPR

Vendor CVEs

SUSE S.A.

All CVEs

1,445 total · sorted by risk
  • CVE-2007-5196Oct 14, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.

  • CVE-2007-5195Oct 14, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196.

  • CVE-2007-5200Oct 14, 2007
    risk 0.00cvss epss 0.00

    hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.

  • CVE-2007-4432Aug 20, 2007
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX…

  • CVE-2007-4393Aug 17, 2007
    risk 0.00cvss epss 0.00

    The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.

  • CVE-2007-4394Aug 17, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.

  • CVE-2007-4074Jul 30, 2007
    risk 0.00cvss epss 0.05

    The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote…

  • CVE-2007-4045Jul 27, 2007
    risk 0.00cvss epss 0.05

    The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL…

  • CVE-2007-2654May 14, 2007
    risk 0.00cvss epss 0.00

    xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

  • CVE-2007-0460Jan 24, 2007
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."

  • CVE-2006-6662Dec 20, 2006
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.

  • CVE-2006-5616Oct 31, 2006
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors.

  • CVE-2006-2658Sep 12, 2006
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.

  • CVE-2006-2703Jun 1, 2006
    risk 0.00cvss epss 0.01

    The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.

  • CVE-2006-2752Jun 1, 2006
    risk 0.00cvss epss 0.01

    The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.

  • CVE-2006-2147May 2, 2006
    risk 0.00cvss epss 0.00

    resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:," notation, which grants access to all USB devices and allows local users to bypass intended restrictions. NOTE: this is a different…

  • CVE-2006-0803Feb 23, 2006
    risk 0.00cvss epss 0.02

    The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is…

  • CVE-2006-0646Feb 11, 2006
    risk 0.00cvss epss 0.00

    ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which…

  • CVE-2006-0043Jan 31, 2006
    risk 0.00cvss epss 0.00

    Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.

  • CVE-2005-4789Dec 31, 2005
    risk 0.00cvss epss 0.00

    resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level.

  • CVE-2005-3626Dec 31, 2005
    risk 0.00cvss epss 0.03

    Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

  • CVE-2005-4788Dec 31, 2005
    risk 0.00cvss epss 0.00

    resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."

  • CVE-2005-4778Dec 31, 2005
    risk 0.00cvss epss 0.00

    The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions.

  • CVE-2005-4772Dec 31, 2005
    risk 0.00cvss epss 0.01

    liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.

  • CVE-2005-3625Dec 31, 2005
    risk 0.00cvss epss 0.04

    Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka…

  • CVE-2005-4791Dec 31, 2005
    risk 0.00cvss epss 0.00

    Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.

  • CVE-2005-4790Dec 31, 2005
    risk 0.00cvss epss 0.00

    Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in…

  • CVE-2005-3624Dec 31, 2005
    risk 0.00cvss epss 0.02

    The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer…

  • CVE-2005-3322Oct 27, 2005
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).

  • CVE-2005-3321Oct 27, 2005
    risk 0.00cvss epss 0.00

    chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use…

  • CVE-2005-3298Oct 23, 2005
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2005-3148Oct 5, 2005
    risk 0.00cvss epss 0.00

    StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.

  • CVE-2005-3147Oct 5, 2005
    risk 0.00cvss epss 0.00

    StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.

  • CVE-2005-3146Oct 5, 2005
    risk 0.00cvss epss 0.00

    StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.

  • CVE-2005-3013Sep 21, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.

  • CVE-2005-1767Aug 5, 2005
    risk 0.00cvss epss 0.00

    traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).

  • CVE-2005-1761Aug 5, 2005
    risk 0.00cvss epss 0.00

    Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.

  • CVE-2005-2023Jun 17, 2005
    risk 0.00cvss epss 0.02

    The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.

  • CVE-2005-1763Jun 9, 2005
    risk 0.00cvss epss 0.00

    Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.

  • CVE-2005-1040May 2, 2005
    risk 0.00cvss epss 0.00

    Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."

  • CVE-2005-0337May 2, 2005
    risk 0.00cvss epss 0.03

    Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

  • CVE-2005-0207May 2, 2005
    risk 0.00cvss epss 0.00

    Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

  • CVE-2005-0005May 2, 2005
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

  • CVE-2005-0206Apr 27, 2005
    risk 0.00cvss epss 0.03

    The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

  • CVE-2005-0085Apr 27, 2005
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

  • CVE-2004-1005Apr 14, 2005
    risk 0.00cvss epss 0.02

    Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

  • CVE-2004-1093Apr 14, 2005
    risk 0.00cvss epss 0.02

    Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

  • CVE-2004-1174Apr 14, 2005
    risk 0.00cvss epss 0.01

    direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

  • CVE-2004-1092Apr 14, 2005
    risk 0.00cvss epss 0.02

    Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

  • CVE-2004-1176Apr 14, 2005
    risk 0.00cvss epss 0.03

    Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.