SUSE CVE-2010-3853

pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pamnamespace PAM...

SUSE CVE-2010-4171

The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service unloading of arbitrary kernel modules...

SUSE CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules...

SUSE CVE-2011-0006

The imalsmruleinit function in security/integrity/ima/imapolicy.c in the Linux kernel before 2.6.37, when the Linux Security Modules LSM framework is disabled, allows local users to bypass Integrity Measurement Architecture IMA rules in opportunistic circumstances by leveraging an administrator's...

SUSE CVE-2011-2746

Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System OTRS 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors...

SUSE CVE-2011-3172

A vulnerability in pammodules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12...

SUSE CVE-2012-3502

The proxy functionality in 1 modproxyajp.c in the modproxyajp module and 2 modproxyhttp.c in the modproxyhttp module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitiv...

SUSE CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a module name in the salgname field, a different vulnerability than CVE-2014-9644...

SUSE CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

SUSE CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

SUSE CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

SUSE CVE-2015-1341

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function pythonmodulepath...

SUSE CVE-2015-3409

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...

SUSE CVE-2015-6496

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service crash via a 1 DCCP, 2 SCTP, or 3 ICMPv6 packet...

SUSE CVE-2016-5170

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified oth...

SUSE CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...

SUSE CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...

SUSE CVE-2017-18355

Installed packages are exposed by nodemodules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "where" attribute of package.json files...

SUSE CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...

SUSE CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...