CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Suse » Suse Linux » 9.0 : Security Vulnerabilities

Cpe Name:cpe:/o:suse:suse_linux:9.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-2654 362 2007-05-14 2008-11-13
4.4
None Local Medium Not required Partial Partial Partial
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
2 CVE-2006-2752 2006-06-01 2018-10-18
6.4
None Remote Low Not required Partial Partial None
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.
3 CVE-2006-2703 Exec Code 2006-06-01 2018-10-18
5.0
None Remote Low Not required Partial None None
The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.
4 CVE-2005-4772 2005-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
5 CVE-2005-3322 DoS 2005-10-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
6 CVE-2005-3321 2005-10-27 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
7 CVE-2005-3298 Exec Code Overflow 2005-10-23 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
8 CVE-2005-3297 Exec Code Overflow 2005-10-23 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
9 CVE-2005-1767 DoS 2005-08-05 2017-10-10
2.1
None Local Low Not required None None Partial
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
10 CVE-2005-1761 20 DoS 2005-08-05 2018-10-19
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
11 CVE-2005-1043 DoS 2005-04-14 2018-10-30
5.0
None Remote Low Not required None None Partial
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
12 CVE-2005-0639 Exec Code Overflow 2005-03-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
13 CVE-2005-0638 Exec Code 2005-03-02 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
14 CVE-2005-0605 Exec Code Overflow 2005-03-02 2018-10-03
7.5
User Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
15 CVE-2005-0384 DoS 2005-03-15 2018-10-03
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
16 CVE-2005-0373 Exec Code Overflow 2004-10-07 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
17 CVE-2005-0337 Bypass 2005-05-02 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
18 CVE-2005-0207 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
19 CVE-2005-0206 Overflow 2005-04-27 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
20 CVE-2005-0156 Exec Code Overflow 2005-02-07 2018-08-13
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
21 CVE-2005-0085 XSS 2005-04-27 2017-10-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
22 CVE-2005-0005 Exec Code Overflow 2005-05-02 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
23 CVE-2004-2658 2004-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
24 CVE-2004-2097 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
25 CVE-2004-1895 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
26 CVE-2004-1237 DoS 2005-04-14 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
27 CVE-2004-1235 Exec Code 2005-04-14 2017-10-10
6.2
Admin Local High Not required Complete Complete Complete
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
28 CVE-2004-1190 2005-01-10 2017-10-10
2.1
None Local Low Not required None Partial None
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
29 CVE-2004-1184 Exec Code 2005-01-21 2018-10-19
4.6
User Local Low Not required Partial Partial Partial
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
30 CVE-2004-1176 DoS Exec Code 2005-04-14 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
31 CVE-2004-1175 Exec Code 2005-04-14 2017-07-18
7.5
User Remote Low Not required Partial Partial Partial
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
32 CVE-2004-1174 DoS 2005-04-14 2017-07-10
5.0
None Remote Low Not required None None Partial
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
33 CVE-2004-1170 Exec Code 2005-01-10 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
34 CVE-2004-1154 DoS Exec Code Overflow 2005-01-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
35 CVE-2004-1145 Bypass 2004-12-15 2017-10-10
5.0
None Remote Low Not required None Partial None
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
36 CVE-2004-1142 DoS 2004-12-15 2017-10-10
5.0
None Remote Low Not required None None Partial
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
37 CVE-2004-1139 DoS 2004-12-15 2017-10-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
38 CVE-2004-1098 Bypass 2005-01-10 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.
39 CVE-2004-1093 DoS 2005-04-14 2017-07-10
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
40 CVE-2004-1092 DoS 2005-04-14 2017-07-10
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
41 CVE-2004-1091 DoS 2005-04-14 2017-07-10
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
42 CVE-2004-1090 DoS 2005-04-14 2017-07-10
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
43 CVE-2004-1074 DoS 2005-01-10 2017-10-10
2.1
None Local Low Not required None None Partial
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.
44 CVE-2004-1073 2005-01-10 2017-10-10
2.1
None Local Low Not required Partial None None
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
45 CVE-2004-1072 DoS Exec Code Overflow 2005-01-10 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.
46 CVE-2004-1071 Exec Code 2005-01-10 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.
47 CVE-2004-1070 Exec Code 2005-01-10 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.
48 CVE-2004-1009 DoS 2005-04-14 2017-07-10
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
49 CVE-2004-1005 Overflow 2005-04-14 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
50 CVE-2004-1004 2005-04-14 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
Total number of vulnerabilities : 87   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.