CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Suse : Security Vulnerabilities Published In 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4791 Exec Code 2005-12-31 2008-11-15
2.1
None Local Low Not required None Partial None
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
2 CVE-2005-4790 Exec Code 2005-12-31 2010-11-11
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
3 CVE-2005-4789 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level.
4 CVE-2005-4788 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."
5 CVE-2005-4778 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions.
6 CVE-2005-4772 2005-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
7 CVE-2005-3625 399 DoS 2005-12-31 2010-10-18
10.0
None Remote Low Not required Complete Complete Complete
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
8 CVE-2005-3624 189 Overflow 2005-12-31 2010-11-19
5.0
None Remote Low Not required None Partial None
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
9 CVE-2005-3322 DoS 2005-10-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
10 CVE-2005-3321 2005-10-27 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
11 CVE-2005-3298 Exec Code Overflow 2005-10-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
12 CVE-2005-3297 Exec Code Overflow 2005-10-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
13 CVE-2005-3148 2005-10-05 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
14 CVE-2005-3147 +Info 2005-10-05 2008-09-05
2.1
None Local Low Not required Partial None None
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
15 CVE-2005-3146 2005-10-05 2008-09-05
2.1
None Local Low Not required None Partial None
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.
16 CVE-2005-3013 Exec Code Overflow 2005-09-21 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.
17 CVE-2005-2023 2005-06-17 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.
18 CVE-2005-1767 DoS 2005-08-05 2010-08-21
2.1
None Local Low Not required None None Partial
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
19 CVE-2005-1763 Overflow 2005-06-09 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
20 CVE-2005-1761 20 DoS 2005-08-05 2010-08-21
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
21 CVE-2005-1043 DoS 2005-04-14 2010-08-21
5.0
None Remote Low Not required None None Partial
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
22 CVE-2005-0750 +Priv 2005-03-27 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
23 CVE-2005-0639 Exec Code Overflow 2005-03-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
24 CVE-2005-0638 Exec Code 2005-03-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
25 CVE-2005-0605 Exec Code Overflow 2005-03-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
26 CVE-2005-0543 XSS 2005-02-24 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
27 CVE-2005-0470 DoS Overflow 2005-03-14 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
28 CVE-2005-0398 DoS 2005-03-14 2010-08-21
5.0
None Remote Low Not required None None Partial
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
29 CVE-2005-0384 DoS 2005-03-15 2010-08-21
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
30 CVE-2005-0337 Bypass 2005-05-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
31 CVE-2005-0207 DoS 2005-05-02 2010-08-21
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
32 CVE-2005-0206 Overflow 2005-04-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
33 CVE-2005-0156 Exec Code Overflow 2005-02-07 2013-10-23
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
34 CVE-2005-0085 XSS 2005-04-27 2010-08-21
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
35 CVE-2005-0005 Exec Code Overflow 2005-05-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
36 CVE-2004-1237 DoS 2005-04-14 2010-08-21
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
37 CVE-2004-1235 Exec Code 2005-04-14 2013-09-09
6.2
Admin Local High Not required Complete Complete Complete
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
38 CVE-2004-1191 2005-01-10 2008-09-10
1.2
None Local High Not required Partial None None
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."
39 CVE-2004-1190 2005-01-10 2010-08-21
2.1
None Local Low Not required None Partial None
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
40 CVE-2004-1184 Exec Code 2005-01-21 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
41 CVE-2004-1176 DoS Exec Code 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
42 CVE-2004-1175 Exec Code 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
fish.c in midnight commander allows remote attackers execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
43 CVE-2004-1174 DoS 2005-04-14 2008-09-10
5.0
None Remote Low Not required None None Partial
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
44 CVE-2004-1170 Exec Code 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
45 CVE-2004-1154 DoS Exec Code Overflow 2005-01-10 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
46 CVE-2004-1098 Bypass 2005-01-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.
47 CVE-2004-1096 Bypass 2005-01-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
48 CVE-2004-1093 DoS 2005-04-14 2008-09-10
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
49 CVE-2004-1092 DoS 2005-04-14 2008-09-10
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
50 CVE-2004-1091 DoS 2005-04-14 2008-09-10
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
Total number of vulnerabilities : 83   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.