CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Suse : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-3709 264 +Priv 2013-12-23 2014-01-13
7.2
None Local Low Not required Complete Complete Complete
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
2 CVE-2011-2660 20 Exec Code 2011-09-06 2011-10-25
7.5
None Remote Low Not required Partial Partial Partial
The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name.
3 CVE-2010-0230 264 Bypass 2010-01-22 2011-04-28
7.5
User Remote Low Not required Partial Partial Partial
SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
4 CVE-2009-1648 16 2009-07-05 2009-07-06
7.5
None Remote Low Not required Partial Partial Partial
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.
5 CVE-2008-4636 20 +Priv 2008-11-26 2008-12-03
7.2
None Local Low Not required Complete Complete Complete
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
6 CVE-2008-3949 94 Exec Code 2008-09-22 2009-09-01
7.2
None Local Low Not required Complete Complete Complete
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
7 CVE-2007-6167 264 Exec Code 2007-11-28 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
8 CVE-2007-5471 DoS 2007-10-15 2008-11-15
7.8
None Remote Low Not required None None Complete
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.
9 CVE-2007-5196 310 2007-10-14 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.
10 CVE-2006-0745 Exec Code Bypass 2006-03-20 2010-04-02
7.2
Admin Local Low Not required Complete Complete Complete
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
11 CVE-2005-3298 Exec Code Overflow 2005-10-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
12 CVE-2005-3297 Exec Code Overflow 2005-10-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
13 CVE-2005-1763 Overflow 2005-06-09 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
14 CVE-2005-0750 +Priv 2005-03-27 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
15 CVE-2005-0639 Exec Code Overflow 2005-03-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
16 CVE-2005-0638 Exec Code 2005-03-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
17 CVE-2005-0605 Exec Code Overflow 2005-03-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
18 CVE-2005-0373 Exec Code Overflow 2004-10-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
19 CVE-2005-0337 Bypass 2005-05-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
20 CVE-2005-0206 Overflow 2005-04-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
21 CVE-2005-0005 Exec Code Overflow 2005-05-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
22 CVE-2004-1176 DoS Exec Code 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
23 CVE-2004-1175 Exec Code 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
fish.c in midnight commander allows remote attackers execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
24 CVE-2004-1098 Bypass 2005-01-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.
25 CVE-2004-1096 Bypass 2005-01-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
26 CVE-2004-1072 DoS Exec Code Overflow 2005-01-10 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.
27 CVE-2004-1071 Exec Code 2005-01-10 2013-07-18
7.2
Admin Local Low Not required Complete Complete Complete
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.
28 CVE-2004-1070 Exec Code 2005-01-10 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.
29 CVE-2004-1005 Overflow 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
30 CVE-2004-1004 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
31 CVE-2004-0991 Exec Code Overflow 2005-01-11 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
32 CVE-2004-0986 2005-03-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
33 CVE-2004-0937 Bypass 2005-02-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
34 CVE-2004-0936 Bypass 2005-01-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
35 CVE-2004-0935 Bypass 2005-01-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
36 CVE-2004-0934 Bypass 2005-01-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
37 CVE-2004-0933 Bypass 2005-01-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
38 CVE-2004-0932 Bypass 2005-01-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
39 CVE-2004-0887 +Priv 2005-01-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges.
40 CVE-2004-0867 264 2004-12-23 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
41 CVE-2004-0866 2004-09-16 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
42 CVE-2004-0827 DoS Exec Code Overflow 2004-09-16 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
43 CVE-2004-0817 Exec Code Overflow 2004-12-31 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
44 CVE-2004-0803 Exec Code Overflow 2004-12-23 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
45 CVE-2004-0746 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
46 CVE-2004-0688 Exec Code Overflow 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
47 CVE-2004-0687 Exec Code Overflow 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
48 CVE-2004-0496 +Priv 2004-12-06 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
49 CVE-2004-0495 +Priv 2004-08-06 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
50 CVE-2002-1285 +Priv 2002-11-29 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.
Total number of vulnerabilities : 82   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.