SUSE: Security Advisory (SUSE-SU-2013:1175-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-0414

The CVE-2012-0414 entry concerns a Cross-site scripting (XSS) vulnerability in the Spacewalk service of SUSE Manager 1.2 for SUSE Linux Enterprise 11 SP1. The issue allows remote attackers to inject arbitrary web script or HTML via an image name. According to the linked references, the vulnerabil...

CVE-2010-1325

Summary (CVE-2010-1325) : A CSRF vulnerability affects the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise 11 . The issue arises from improper parameter quoting, enabling remote attackers to hijack the authentication of unspecified victims. The availab...

CVE-2010-1507

Vulnerability CVE-2010-1507 affects WebYaST in the yast2-webclient of SUSE Linux Enterprise 11 on the WebYaST appliance. The root cause is a fixed secret key embedded in the appliance image, which enables remote attackers to spoof session cookies by exploiting knowledge of this key. Publicly know...

LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability

No description provided by source. Bugtraq ID: 35451 Class: Boundary Condition Error Published: Jun 21 2009 12:00AM Updated: Nov 12 2009 06:46PM Credit: wololo Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386...

SUSE Linux 'scsi_discovery tool'不安全临时文件建立漏洞

Bugraq ID: 36887 CVE ID：CVE-2009-1297 SUSE Linux是一款基于linux内核的发行版本。 SUSE Linux 'scsidiscovery tool'工具不安全建立临时文件，本地攻击者可以利用漏洞执行符号链接攻击覆盖任意攻击者指定的文件，造成拒绝服务攻击。 S.u.S.E. SLE SDK 10 SP2 S.u.S.E. SLE 11 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 用户可联系供应商获得最新版本：...

CVE-2009-1297

The CVE-2009-1297 issue affects open-iscsi’s iscsi_discovery in openSUSE/OpenSUSE 10.3–11.1 and SUSE/SLE 10 SP2–11. The root cause is unsafe creation of temporary files with a predictable name, enabling a local attacker to perform a symlink attack to overwrite arbitrary files. Several advisories ...

CVE-2008-2025

CVE-2008-2025 is an XSS vulnerability in Apache Struts (prior to 1.2.9-162.31.1 on SUSE SLE 11, prior to 1.2.9-108.2 on SUSE openSUSE 10.3, prior to 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1) caused by insufficient quoting of parameters. Remote attackers ...