Suse » Suse Linux » 9.1 : Security Vulnerabilities
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."
Max Base Score
10.0
Published
2007-01-24
Updated
2010-09-15
EPSS
0.52%
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
Max Base Score
4.6
Published
2005-10-27
Updated
2018-10-30
EPSS
0.05%
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
Max Base Score
2.1
Published
2005-08-05
Updated
2023-02-13
EPSS
0.05%
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
Max Base Score
2.1
Published
2005-08-05
Updated
2023-02-13
EPSS
0.11%
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
Max Base Score
5.0
Published
2005-04-14
Updated
2018-10-30
EPSS
1.42%
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
Max Base Score
7.5
Published
2005-03-02
Updated
2008-09-05
EPSS
2.00%
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Max Base Score
7.5
Published
2005-03-02
Updated
2018-10-19
EPSS
0.97%
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
Max Base Score
7.5
Published
2005-03-02
Updated
2018-10-03
EPSS
2.17%
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
Max Base Score
5.0
Published
2005-03-14
Updated
2017-10-11
EPSS
5.32%
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
Max Base Score
5.0
Published
2005-03-15
Updated
2018-10-03
EPSS
10.67%
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Max Base Score
7.5
Published
2004-10-07
Updated
2017-07-11
EPSS
4.79%
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
Max Base Score
7.5
Published
2005-05-02
Updated
2017-10-11
EPSS
9.48%
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
Max Base Score
2.1
Published
2005-05-02
Updated
2017-10-11
EPSS
0.07%
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Max Base Score
7.5
Published
2005-04-27
Updated
2017-10-11
EPSS
0.94%
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Max Base Score
2.1
Published
2005-02-07
Updated
2018-08-13
EPSS
0.04%
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
Max Base Score
6.8
Published
2005-04-27
Updated
2017-10-11
EPSS
1.84%
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Max Base Score
7.5
Published
2005-05-02
Updated
2017-10-11
EPSS
13.57%
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
Max Base Score
5.0
Published
2004-12-31
Updated
2022-02-28
EPSS
6.72%
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
Max Base Score
2.1
Published
2005-04-14
Updated
2017-10-11
EPSS
0.04%
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
Max Base Score
6.2
Published
2005-04-14
Updated
2017-10-11
EPSS
0.04%
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
Max Base Score
4.6
Published
2005-01-21
Updated
2018-10-19
EPSS
0.32%
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Max Base Score
7.5
Published
2005-04-14
Updated
2017-07-11
EPSS
8.85%
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
Max Base Score
7.5
Published
2005-04-14
Updated
2017-07-19
EPSS
1.32%
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
Max Base Score
5.0
Published
2005-04-14
Updated
2017-07-11
EPSS
0.41%
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
Max Base Score
10.0
Published
2005-01-10
Updated
2018-10-19
EPSS
3.41%