Filtered by vendor Suse
Subscribe
Search
Total
593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | |||||
| CVE-2004-0626 | 4 Conectiva, Gentoo, Linux and 1 more | 4 Linux, Linux, Linux Kernel and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type. | |||||
| CVE-2004-0592 | 1 Suse | 1 Suse Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626. | |||||
| CVE-2004-1009 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2004-0460 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. | |||||
| CVE-2004-0461 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2017-07-11 | 10.0 HIGH | N/A |
| The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. | |||||
| CVE-2013-4458 | 2 Gnu, Suse | 3 Glibc, Linux Enterprise Debuginfo, Linux Enterprise Server | 2017-07-01 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. | |||||
| CVE-2014-4038 | 3 Ppc64-diag Project, Redhat, Suse | 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server | 2017-01-07 | 4.4 MEDIUM | N/A |
| ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. | |||||
| CVE-2014-4039 | 3 Ppc64-diag Project, Redhat, Suse | 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server | 2017-01-07 | 2.1 LOW | N/A |
| ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf. | |||||
| CVE-2015-2576 | 2 Oracle, Suse | 4 Mysql, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2017-01-03 | 2.1 LOW | N/A |
| Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. | |||||
| CVE-2015-0500 | 2 Oracle, Suse | 5 Communications Policy Management, Mysql, Suse Linux Enterprise Desktop and 2 more | 2017-01-03 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | |||||
| CVE-2015-0439 | 3 Novell, Oracle, Suse | 5 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Mysql and 2 more | 2017-01-03 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. | |||||
| CVE-2005-2023 | 1 Suse | 1 Suse Linux | 2016-12-20 | 10.0 HIGH | N/A |
| The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail. | |||||
| CVE-2013-6501 | 2 Php, Suse | 2 Php, Linux Enterprise Server | 2016-11-30 | 4.6 MEDIUM | N/A |
| The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | |||||
| CVE-2014-8162 | 2 Redhat, Suse | 2 Network Satellite, Manager | 2016-11-28 | 7.5 HIGH | N/A |
| XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors. | |||||
| CVE-2014-1501 | 4 Google, Mozilla, Oracle and 1 more | 6 Android, Firefox, Solaris and 3 more | 2016-11-17 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. | |||||
| CVE-2004-0064 | 1 Suse | 1 Suse Linux | 2016-10-18 | 2.1 LOW | N/A |
| The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. | |||||
| CVE-2003-0846 | 1 Suse | 1 Suse Linux | 2016-10-18 | 4.6 MEDIUM | N/A |
| SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file. | |||||
| CVE-2003-0847 | 1 Suse | 1 Suse Linux | 2016-10-18 | 4.6 MEDIUM | N/A |
| SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file. | |||||
| CVE-2002-0083 | 9 Conectiva, Engardelinux, Immunix and 6 more | 11 Linux, Secure Linux, Immunix and 8 more | 2016-10-18 | 10.0 HIGH | N/A |
| Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | |||||
| CVE-1999-1182 | 6 Caldera, Debian, Delix and 3 more | 6 Openlinux Lite, Debian Linux, Dld and 3 more | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error. | |||||
| CVE-2013-0339 | 4 Canonical, Debian, Suse and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Enterprise Server and 1 more | 2016-05-05 | 6.8 MEDIUM | N/A |
| libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. | |||||
| CVE-2014-7811 | 2 Redhat, Suse | 3 Network Satellite, Spacewalk, Manager | 2016-04-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. | |||||
| CVE-2013-2021 | 3 Canonical, Clamav, Suse | 3 Ubuntu Linux, Clamav, Linux Enterprise Server | 2015-09-28 | 4.3 MEDIUM | N/A |
| pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. | |||||
| CVE-2013-2020 | 3 Canonical, Clamav, Suse | 3 Ubuntu Linux, Clamav, Linux Enterprise Server | 2015-09-28 | 5.0 MEDIUM | N/A |
| Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. | |||||
| CVE-2011-4195 | 1 Suse | 3 Kiwi, Studio Extension For System Z, Studio Onsite | 2014-04-17 | 7.5 HIGH | N/A |
| kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name. | |||||
| CVE-2011-4193 | 1 Suse | 2 Studio Extension For System Z, Studio Onsite | 2014-04-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning. | |||||
| CVE-2011-4192 | 1 Suse | 3 Kiwi, Studio Extension For System Z, Studio Onsite | 2014-04-17 | 7.5 HIGH | N/A |
| kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." | |||||
| CVE-2011-3180 | 1 Suse | 3 Kiwi, Studio Extension For System Z, Studio Onsite | 2014-04-17 | 7.5 HIGH | N/A |
| kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. | |||||
| CVE-2013-3712 | 1 Suse | 2 Studio Extension For System Z, Studio Onsite | 2014-03-10 | 10.0 HIGH | N/A |
| SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. | |||||
| CVE-2013-3709 | 2 Novell, Suse | 3 Suse Lifecycle Management Server, Studio Onsite, Webyast | 2014-01-14 | 7.2 HIGH | N/A |
| WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. | |||||
| CVE-2012-0435 | 1 Suse | 1 Webyast | 2013-01-28 | 5.8 MEDIUM | N/A |
| SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. | |||||
| CVE-2010-0230 | 1 Suse | 2 Opensuse, Suse Linux | 2011-04-28 | 7.5 HIGH | N/A |
| SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2007-0980 | 3 Hp, Redhat, Suse | 4 Serviceguard For Linux, Enterprise Linux, Suse Linux and 1 more | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. | |||||
| CVE-2006-2658 | 2 Mono, Suse | 3 Xsp, Suse Linux, Suse Open Enterprise Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. | |||||
| CVE-2007-0460 | 1 Suse | 1 Suse Linux | 2010-09-15 | 10.0 HIGH | N/A |
| Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." | |||||
| CVE-2009-1648 | 1 Suse | 1 Suse Linux | 2009-07-06 | 7.5 HIGH | N/A |
| The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services. | |||||
| CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2008-11-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | |||||
| CVE-2007-5195 | 1 Suse | 1 Suse Linux | 2008-11-15 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196. | |||||
| CVE-2007-4393 | 1 Suse | 1 Suse Linux | 2008-11-15 | 4.6 MEDIUM | N/A |
| The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions. | |||||
| CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2008-11-15 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | |||||
| CVE-2007-2654 | 2 Suse, Xfsdump | 8 Opensuse, Suse Linux, Suse Linux Openexchange Server and 5 more | 2008-11-13 | 4.4 MEDIUM | N/A |
| xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. | |||||
| CVE-2005-3322 | 2 Squid, Suse | 2 Squid, Suse Linux | 2008-09-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL). | |||||
| CVE-2004-0991 | 2 Mpg123, Suse | 2 Mpg123, Suse Linux | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. | |||||
| CVE-2002-1285 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.2 HIGH | N/A |
| runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments. | |||||
| CVE-2002-0762 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.2 HIGH | N/A |
| shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files. | |||||
| CVE-2002-0758 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.5 HIGH | N/A |
| ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file. | |||||
| CVE-2000-0614 | 1 Suse | 1 Suse Linux | 2008-09-10 | 10.0 HIGH | N/A |
| Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output. | |||||
| CVE-2000-0800 | 1 Suse | 1 Suse Linux | 2008-09-10 | 10.0 HIGH | N/A |
| String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges. | |||||
| CVE-2000-0340 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable. | |||||