Filtered by vendor Suse
Subscribe
Search
Total
979 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0883 | 2 Adobe, Suse | 4 Acrobat Reader, Open Suse, Suse Linux and 1 more | 2017-08-08 | 3.7 LOW | N/A |
| acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. | |||||
| CVE-2007-5471 | 1 Suse | 1 Suse Linux | 2017-07-29 | 7.8 HIGH | N/A |
| libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration. | |||||
| CVE-2002-2259 | 2 Gnuplot, Suse | 2 Gnuplot, Suse Linux | 2017-07-29 | 7.2 HIGH | N/A |
| Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors. | |||||
| CVE-2006-5616 | 2 Openpbs, Suse | 2 Openpbs, Suse Linux | 2017-07-20 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-0043 | 1 Suse | 1 Suse Linux | 2017-07-20 | 4.6 MEDIUM | N/A |
| Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks. | |||||
| CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-19 | 7.5 HIGH | N/A |
| fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
| CVE-2005-3297 | 1 Suse | 1 Suse Linux | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-3298 | 1 Suse | 1 Suse Linux | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-3013 | 1 Suse | 1 Suse Linux | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry. | |||||
| CVE-2005-0470 | 3 Gentoo, Suse, Wpa Supplicant | 3 Linux, Suse Linux, Wpa Supplicant | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | |||||
| CVE-2005-0373 | 6 Apple, Conectiva, Cyrus and 3 more | 8 Mac Os X, Mac Os X Server, Linux and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-2004 | 1 Suse | 1 Suse Linux | 2017-07-11 | 10.0 HIGH | N/A |
| The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH. | |||||
| CVE-2004-2097 | 1 Suse | 1 Suse Linux | 2017-07-11 | 2.1 LOW | N/A |
| Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd. | |||||
| CVE-2004-1895 | 1 Suse | 1 Suse Linux | 2017-07-11 | 2.1 LOW | N/A |
| YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. | |||||
| CVE-2004-1476 | 2 Suse, Xine | 3 Suse Linux, Xine, Xine-lib | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. | |||||
| CVE-2004-1009 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2004-0460 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. | |||||
| CVE-2004-1174 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." | |||||
| CVE-2004-1176 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-1191 | 1 Suse | 1 Suse Linux | 2017-07-11 | 1.2 LOW | N/A |
| Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." | |||||
| CVE-2004-0816 | 2 Linux, Suse | 2 Linux Kernel, Suse Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet. | |||||
| CVE-2004-1093 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." | |||||
| CVE-2004-0986 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Fedora Core and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers. | |||||
| CVE-2004-1092 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. | |||||
| CVE-2004-0592 | 1 Suse | 1 Suse Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626. | |||||
| CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | |||||
| CVE-2004-0929 | 2 Libtiff, Suse | 2 Libtiff, Suse Linux | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image. | |||||
| CVE-2004-1091 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. | |||||
| CVE-2004-1090 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." | |||||
| CVE-2004-0947 | 3 Arj Software Inc., Gentoo, Suse | 3 Unarj, Linux, Suse Linux | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. | |||||
| CVE-2004-1004 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2004-0461 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2017-07-11 | 10.0 HIGH | N/A |
| The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. | |||||
| CVE-2004-1005 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2004-0887 | 2 Linux, Suse | 2 Linux Kernel, Suse Linux | 2017-07-11 | 7.2 HIGH | N/A |
| SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges. | |||||
| CVE-2004-0626 | 4 Conectiva, Gentoo, Linux and 1 more | 4 Linux, Linux, Linux Kernel and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type. | |||||
| CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | |||||
| CVE-2004-1098 | 3 Mandrakesoft, Roaring Penguin, Suse | 4 Mandrake Linux, Mandrake Linux Corporate Server, Mimedefang and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. | |||||
| CVE-2015-8929 | 2 Libarchive, Suse | 4 Libarchive, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. | |||||
| CVE-2013-4458 | 2 Gnu, Suse | 3 Glibc, Linux Enterprise Debuginfo, Linux Enterprise Server | 2017-07-01 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. | |||||
| CVE-2016-4473 | 2 Php, Suse | 3 Php, Linux Enterprise Module For Web Scripting, Linux Enterprise Software Development Kit | 2017-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | |||||
| CVE-2017-7995 | 3 Novell, Suse, Xen | 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more | 2017-05-15 | 1.7 LOW | 3.8 LOW |
| Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. | |||||
| CVE-2014-4039 | 3 Ppc64-diag Project, Redhat, Suse | 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server | 2017-01-07 | 2.1 LOW | N/A |
| ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf. | |||||
| CVE-2014-4038 | 3 Ppc64-diag Project, Redhat, Suse | 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server | 2017-01-07 | 4.4 MEDIUM | N/A |
| ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. | |||||
| CVE-2015-2576 | 2 Oracle, Suse | 4 Mysql, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2017-01-03 | 2.1 LOW | N/A |
| Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. | |||||
| CVE-2015-0500 | 2 Oracle, Suse | 5 Communications Policy Management, Mysql, Suse Linux Enterprise Desktop and 2 more | 2017-01-03 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | |||||
| CVE-2015-0439 | 3 Novell, Oracle, Suse | 5 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Mysql and 2 more | 2017-01-03 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. | |||||
| CVE-2016-7966 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Kmail and 1 more | 2016-12-27 | 7.5 HIGH | 7.3 HIGH |
| Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | |||||
| CVE-2005-2023 | 1 Suse | 1 Suse Linux | 2016-12-20 | 10.0 HIGH | N/A |
| The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail. | |||||
| CVE-2016-1601 | 1 Suse | 4 Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit and 1 more | 2016-12-01 | 10.0 HIGH | 9.8 CRITICAL |
| yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2013-6501 | 2 Php, Suse | 2 Php, Linux Enterprise Server | 2016-11-30 | 4.6 MEDIUM | N/A |
| The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | |||||