724 matches found
SuSE 10 Security Update : evolution-data-server (ZYPP Patch Number 3826)
A malicious IMAP server could execute code within evolution by sending a malformed response to a SEQUENCE command. CVE-2007-3257 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
SuSE 10 Security Update : gpg (ZYPP Patch Number 2994)
When printing a text stream with a GPG signature it was possible for an attacker to create a stream with 'unsigned text, signed text' where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This is tracked by the Mitre CVE ID CVE-2007-126...
SuSE 10 Security Update : evince (ZYPP Patch Number 2358)
Specially crafted Postscript files could be used to execute arbitrary code by causing a buffer overflow in evince. CVE-2006-5864 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
SuSE 10 Security Update : vim and gvim (ZYPP Patch Number 4095)
This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. CVE-2007-2953 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
SuSE 10 Security Update : libmusicbrainz (ZYPP Patch Number 2042)
This update fixes various buffer overflows that can by exploited by malicious servers to execute arbitrary code. CVE-2006-4197 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
SuSE 10 Security Update : pcre (ZYPP Patch Number 4689)
Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. CVE-2006-7224 / CVE-2006-7225 / CVE-2006-7226 /...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)
This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
SuSE 10 Security Update : findutils-locate (ZYPP Patch Number 3966)
The cronjob that deletes old core files could be tricked to delete arbitrary files. Old core files are deleted if DELETEOLDCORE=yes is set. That is not the case by default though. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
SuSE 10 Security Update : cron (ZYPP Patch Number 3093)
By setting hard links to /etc/crontab users were able to prevent cron from running scheduled jobs. CVE-2007-1856 A re-emerged symlink bug allowed users to edit the crontab of other users. CVE-2005-1038 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C...
SuSE 10 Security Update : RealPlayer (ZYPP Patch Number 4081)
The media player RealPlayer was updated to version 10.0.9. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29369; scriptversion"1.13";...
SuSE 10 Security Update : clamav (ZYPP Patch Number 4169)
This is an update to ClamAV 0.91.2 to fix various bugs like NULL pointer dereferences and uninitialized variables etc. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
SuSE 10 Security Update : w3m (ZYPP Patch Number 2439)
A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. CVE-2006-6772 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
SuSE 10 Security Update : apache2-mod_python (ZYPP Patch Number 4449)
This update fixes a buffer overflow in apache2-modpython that occurs while using python-based output-filter. This bug can be triggered remotely to read possibly confidential data from the process space of the web-server and in rare cases to execute arbitrary code. CVE-2004-2680 %NASLMINLEVEL 7030...
SuSE 10 Security Update : cpio (ZYPP Patch Number 4184)
This update fixes a bug in function safernamesuffix of cpio which leads to a crashing stack. Exploitability is unknown. CVE-2007-4476 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; i...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 3244)
This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. CVE-2007-0555 / CVE-2007-0556 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
SuSE 10 Security Update : pcre (ZYPP Patch Number 4707)
Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. CVE-2006-7230 %NASLMINLEVEL 70300 C Tenable...
SuSE 10 Security Update : Mono (ZYPP Patch Number 2377)
By appending spaces to URLs and attackers could download the source code of scripts that normally get executed by the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
SuSE 10 Security Update : kdelibs3 (ZYPP Patch Number 3053)
A bug in KHTML could be exploited to conduct cross site scripting XSS attacks. CVE-2007-0537 Another bug allowed attackers to abuse the FTP passive mode for portscans. CVE-2007-1564 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
SuSE 10 Security Update : ruby (ZYPP Patch Number 4702)
This update of ruby improves the SSL certificate verification process. CVE-2007-5162 / CVE-2007-5770 Prior to this update it was possible to intercept SSL traffic with a man-in-the-middle attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell,...
SuSE 10 Security Update : poppler (ZYPP Patch Number 4630)
A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code. CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...