CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Suse : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2005-4790 Exec Code 2005-12-31 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
702 CVE-2005-4789 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level.
703 CVE-2005-4788 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."
704 CVE-2005-4778 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions.
705 CVE-2005-4772 2005-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
706 CVE-2005-3626 399 DoS 2005-12-31 2018-10-19
5.0
None Remote Low Not required None None Partial
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
707 CVE-2005-3625 399 DoS 2005-12-31 2018-10-19
10.0
None Remote Low Not required Complete Complete Complete
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
708 CVE-2005-3624 189 Overflow 2005-12-31 2018-10-19
5.0
None Remote Low Not required None Partial None
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
709 CVE-2005-3322 DoS 2005-10-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
710 CVE-2005-3321 2005-10-27 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
711 CVE-2005-3298 Exec Code Overflow 2005-10-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
712 CVE-2005-3297 Exec Code Overflow 2005-10-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
713 CVE-2005-3148 2005-10-05 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
714 CVE-2005-3147 +Info 2005-10-05 2008-09-05
2.1
None Local Low Not required Partial None None
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
715 CVE-2005-3146 2005-10-05 2008-09-05
2.1
None Local Low Not required None Partial None
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.
716 CVE-2005-3013 Exec Code Overflow 2005-09-21 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.
717 CVE-2005-2023 2005-06-17 2016-12-20
10.0
None Remote Low Not required Complete Complete Complete
The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.
718 CVE-2005-1767 DoS 2005-08-05 2017-10-11
2.1
None Local Low Not required None None Partial
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
719 CVE-2005-1763 Overflow 2005-06-09 2018-10-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
720 CVE-2005-1761 20 DoS 2005-08-05 2018-10-19
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
721 CVE-2005-1043 DoS 2005-04-14 2018-10-30
5.0
None Remote Low Not required None None Partial
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
722 CVE-2005-0750 +Priv 2005-03-27 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
723 CVE-2005-0639 Exec Code Overflow 2005-03-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
724 CVE-2005-0638 Exec Code 2005-03-02 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
725 CVE-2005-0605 Exec Code Overflow 2005-03-02 2018-10-03
7.5
None Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
726 CVE-2005-0470 DoS Overflow 2005-03-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
727 CVE-2005-0398 DoS 2005-03-14 2017-10-11
5.0
None Remote Low Not required None None Partial
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
728 CVE-2005-0384 DoS 2005-03-15 2018-10-03
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
729 CVE-2005-0373 Exec Code Overflow 2004-10-07 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
730 CVE-2005-0337 Bypass 2005-05-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
731 CVE-2005-0207 DoS 2005-05-02 2017-10-11
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
732 CVE-2005-0206 Overflow 2005-04-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
733 CVE-2005-0156 Exec Code Overflow 2005-02-07 2018-08-13
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
734 CVE-2005-0085 XSS 2005-04-27 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
735 CVE-2005-0005 Exec Code Overflow 2005-05-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
736 CVE-2004-2658 2004-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
737 CVE-2004-2097 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
738 CVE-2004-2004 +Priv 2004-05-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
739 CVE-2004-1895 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
740 CVE-2004-1491 Exec Code 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
741 CVE-2004-1476 Exec Code Overflow 2004-12-31 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
742 CVE-2004-1237 DoS 2005-04-14 2017-10-11
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
743 CVE-2004-1235 Exec Code 2005-04-14 2017-10-11
6.2
None Local High Not required Complete Complete Complete
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
744 CVE-2004-1191 2005-01-10 2017-07-11
1.2
None Local High Not required Partial None None
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."
745 CVE-2004-1190 2005-01-10 2017-10-11
2.1
None Local Low Not required None Partial None
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
746 CVE-2004-1184 Exec Code 2005-01-21 2018-10-19
4.6
None Local Low Not required Partial Partial Partial
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
747 CVE-2004-1176 DoS Exec Code 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
748 CVE-2004-1175 Exec Code 2005-04-14 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
749 CVE-2004-1174 DoS 2005-04-14 2017-07-11
5.0
None Remote Low Not required None None Partial
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
750 CVE-2004-1170 Exec Code 2005-01-10 2018-10-19
10.0
None Remote Low Not required Complete Complete Complete
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
Total number of vulnerabilities : 883   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 (This Page)16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.