CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Suse : Security Vulnerabilities (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-0460 119 Overflow 2007-01-23 2010-09-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."
2 CVE-2006-0043 Exec Code Overflow 2006-01-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.
3 CVE-2005-3624 189 Overflow 2005-12-31 2010-11-19
5.0
None Remote Low Not required None Partial None
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
4 CVE-2005-3298 Exec Code Overflow 2005-10-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
5 CVE-2005-3297 Exec Code Overflow 2005-10-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
6 CVE-2005-3013 Exec Code Overflow 2005-09-21 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.
7 CVE-2005-1763 Overflow 2005-06-09 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
8 CVE-2005-0639 Exec Code Overflow 2005-03-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
9 CVE-2005-0605 Exec Code Overflow 2005-03-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
10 CVE-2005-0470 DoS Overflow 2005-03-14 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
11 CVE-2005-0373 Exec Code Overflow 2004-10-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
12 CVE-2005-0206 Overflow 2005-04-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
13 CVE-2005-0156 Exec Code Overflow 2005-02-07 2013-10-23
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
14 CVE-2005-0005 Exec Code Overflow 2005-05-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
15 CVE-2004-1476 Exec Code Overflow 2004-12-31 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
16 CVE-2004-1154 DoS Exec Code Overflow 2005-01-10 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
17 CVE-2004-1072 DoS Exec Code Overflow 2005-01-10 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.
18 CVE-2004-1005 Overflow 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
19 CVE-2004-0991 Exec Code Overflow 2005-01-11 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
20 CVE-2004-0990 DoS Exec Code Overflow 2005-03-01 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
21 CVE-2004-0981 Exec Code Overflow 2005-02-09 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
22 CVE-2004-0947 Exec Code Overflow 2005-02-09 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
23 CVE-2004-0940 119 Exec Code Overflow XSS 2005-02-09 2008-09-10
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
24 CVE-2004-0929 Exec Code Overflow 2005-01-27 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.
25 CVE-2004-0914 DoS Exec Code Overflow Dir. Trav. +Info 2005-01-10 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
26 CVE-2004-0903 Exec Code Overflow 2005-01-27 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
27 CVE-2004-0902 DoS Exec Code Overflow 2005-01-27 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
28 CVE-2004-0889 DoS Exec Code Overflow 2005-01-27 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
29 CVE-2004-0888 DoS Exec Code Overflow 2005-01-27 2013-08-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
30 CVE-2004-0886 DoS Overflow Mem. Corr. 2005-01-27 2010-08-21
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
31 CVE-2004-0827 DoS Exec Code Overflow 2004-09-16 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
32 CVE-2004-0817 Exec Code Overflow 2004-12-31 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
33 CVE-2004-0803 Exec Code Overflow 2004-12-23 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
34 CVE-2004-0802 Exec Code Overflow 2004-12-31 2010-01-28
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
35 CVE-2004-0688 Exec Code Overflow 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
36 CVE-2004-0687 Exec Code Overflow 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
37 CVE-2004-0535 Overflow 2004-08-06 2010-08-21
2.1
None Local Low Not required Partial None None
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
38 CVE-2004-0461 DoS Exec Code Overflow 2004-08-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
39 CVE-2004-0460 DoS Exec Code Overflow 2004-08-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
40 CVE-2002-0854 Overflow +Priv 2002-09-05 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating systems, may allow local users to gain privileges.
41 CVE-2002-0768 Exec Code Overflow 2002-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.
42 CVE-2002-0062 Overflow +Priv 2002-03-08 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
43 CVE-2001-0763 Exec Code Overflow 2001-10-18 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.
44 CVE-2001-0641 Exec Code Overflow 2001-09-20 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
45 CVE-2001-0525 Overflow +Priv 2001-08-14 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument.
46 CVE-2001-0458 Exec Code Overflow 2001-06-27 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
47 CVE-2001-0172 DoS Exec Code Overflow 2001-03-26 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands by via a long directory name.
48 CVE-2000-0491 DoS Exec Code Overflow 2000-05-24 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
49 CVE-2000-0438 Exec Code Overflow 2000-05-22 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
50 CVE-2000-0362 Overflow +Priv 1999-10-22 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.
Total number of vulnerabilities : 59   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.