Novell Suse Linux

17 matches found

added 2013/07/26 11:0 p.m., 457 views

CVE-2013-4854

CVE-2013-4854 affects ISC BIND, where the RFC 5011 RDATA handling in rdata.c can trigger an assertion failure during log message construction when processing a malformed RDATA, allowing remote DoS with named exiting. Vulnerable ranges include BIND 9.7.x and 9.8.x before 9.8.5-P2 and 9.8.6b1, 9.9....

CVSS 7.8 | AI score 5.6 | EPSS 0.51147

added 2025/01/14 5:38 p.m., 181 views

CVE-2024-12088

CVE-2024-12088 is a path-traversal vulnerability in rsync when using --safe-links, arising from improper verification of symbolic-link destinations on the server side, potentially allowing writes outside the target directory. Concrete remediation details appear in multiple connected advisories: C...

CVSS 7.5 | AI score 8 | EPSS 0.0247

added 2025/01/15 2:16 p.m., 141 views

CVE-2024-12084

CVE-2024-12084: Rsync daemon heap-based buffer overflow caused by improper handling of attacker-controlled checksum lengths (s2length). When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an out-of-bounds write to sum2 is possible. Public advisories confirm this bug affects rsync version...

CVSS 9.8 | AI score 9.6 | EPSS 0.04627

added 2007/03/06 8:0 p.m., 93 views

CVE-2007-1285

CVE-2007-1285 is a denial-of-service flaw in the Zend Engine: processing a deeply nested PHP array can cause stack exhaustion and crash the interpreter. Affected: PHP 4.x before 4.4.7 and PHP 5.x before 5.2.2. Exploitation: remote via crafted input; outcome is a crash/DoS. Remediation: apply patc...

CVSS 7.5 | AI score 7.3 | EPSS 0.06815

added 2015/04/16 4:0 p.m., 86 views

CVE-2015-2567

CVE-2015-2567 is an unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier that could allow a remote authenticated user to affect availability via unknown vectors tied to Server : Security : Privileges. The entry in the advisory notes a low severity (CVSS v2 base 3.5) with an availab...

CVSS 3.5 | AI score 5.2 | EPSS 0.00677

added 2015/04/16 4:0 p.m., 82 views

CVE-2015-2566

CVE-2015-2566 affects Oracle MySQL Server 5.6.22 and earlier, where an unspecified vulnerability in the Server: DML component could allow remote authenticated users to cause a denial of service. Public sources in the provided documents confirm the vulnerability entry and describe the impact as a ...

CVSS 2.8 | AI score 5.2 | EPSS 0.00764

added 2006/04/26 10:0 p.m., 62 views

CVE-2005-4790

Concrete details from connected docs show CVE-2005-4790 is linked to Tomboy and GNOME Tomboy: the LD_LIBRARY_PATH is polluted with a zero-length directory name, causing the current working directory to be searched for libraries and enabling local privilege escalation. The issue is tied to an inco...

CVSS 6.9 | AI score 7.1 | EPSS 0.00347

added 2010/10/12 7:0 p.m., 62 views

CVE-2010-3110

CVE-2010-3110 describes multiple buffer overflows in the Novell Client novfs module for the Linux kernel, affecting SUSE Linux Enterprise 11 SP1 and openSUSE 11.3. The root cause is missing bounds checks in several ioctls of the novfs /proc interface, allowing unprivileged local users to crash th...

CVSS 7.2 | AI score 7.4 | EPSS 0.00043

added 2009/10/23 6:0 p.m., 58 views

CVE-2009-1297

The CVE-2009-1297 issue affects open-iscsi’s iscsi_discovery in openSUSE/OpenSUSE 10.3–11.1 and SUSE/SLE 10 SP2–11. The root cause is unsafe creation of temporary files with a predictable name, enabling a local attacker to perform a symlink attack to overwrite arbitrary files. Several advisories ...

CVSS 4.4 | AI score 5.5 | EPSS 0.00021

added 2006/04/26 10:0 p.m., 55 views

CVE-2005-4791

CVE-2005-4791 involves multiple untrusted search path vulnerabilities in SUSE Linux 10.0 where the working directory is added to LD_LIBRARY_PATH. This could allow a local user to execute arbitrary code via the liferea or banshee executables due to the library search path manipulation. The descrip...

CVSS 2.1 | AI score 7.2 | EPSS 0.00152

added 2006/02/23 8:0 p.m., 54 views

CVE-2006-0803

The CVE describes a flaw in YaST Online Update (YOU) signature verification: it relies on a GPG feature not intended for signature verification, preventing YOU from detecting malicious scripts that fail the signature check when using GPG 1.4.x. Affected component: YOU script; root cause: improper...

CVSS 5 | AI score 6.5 | EPSS 0.00212

added 2011/01/12 11:0 p.m., 51 views

CVE-2010-3912

CVE-2010-3912 (NORMAL) Affected products: SUSE Linux Enterprise 11 SP1 and 10 SP3, involving the supportconfig script within the supportutils package. Vulnerability: The supportconfig script does not disguise passwords in configuration files it collects. The available description notes unknown im...

CVSS 10 | AI score 6.7 | EPSS 0.00248

added 2011/04/18 5:0 p.m., 51 views

CVE-2011-0988

CVE-2011-0988 affects pure-ftpd 1.0.22 as deployed in SUSE SLES 10 SP3/SP4 and SUSE ED 10 SP3/SP4 when running OES Netware extensions. It creates a world-writable directory that local users could exploit to overwrite arbitrary files and gain privileges via unspecified vectors. SUSE released secur...

CVSS 4.4 | AI score 6.6 | EPSS 0.00029

added 2005/10/27 4:0 a.m., 49 views

CVE-2005-3321

Affected software: SuSE Linux 9.0–10.0. Vulnerable component: chkstat. Local users can cause weaker file permissions by creating a hardlink to a file from a world-writable directory, which reduces the link count to 1 when the original file is deleted or replaced, after which chkstat updates permi...

CVSS 4.6 | AI score 6.2 | EPSS 0.00031

added 2007/08/17 10:0 p.m., 47 views

CVE-2007-4394

CVE-2007-4394 affects SUSE Linux 10.0/10.1 and SUSE Enterprise Server 9/10 via a vulnerability in a "core clean" cron job created by the findutils-locate package. The issue allows local users to delete arbitrary files through unknown vectors prior to 20070810. Documents describe the affected comp...

CVSS 2.1 | AI score 6.3 | EPSS 0.0004

added 2007/08/20 7:0 p.m., 47 views

CVE-2007-4432

CVE-2007-4432 affects the wrapper scripts for rug, zen-updater, zen-installer, and zen-remover on SUSE Linux 10.1 and SUSE Linux Enterprise 10. The issue is an untrusted search path vulnerability caused by environment variables LD_LIBRARY_PATH and MONO_GAC_PREFIX, allowing local privilege escalat...

CVSS 4.6 | AI score 6.6 | EPSS 0.00035

added 2010/09/03 7:0 p.m., 47 views

CVE-2010-1507

Vulnerability CVE-2010-1507 affects WebYaST in the yast2-webclient of SUSE Linux Enterprise 11 on the WebYaST appliance. The root cause is a fixed secret key embedded in the appliance image, which enables remote attackers to spoof session cookies by exploiting knowledge of this key. Publicly know...

CVSS 5 | AI score 6.8 | EPSS 0.00144