Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
NovellSuse Linux

17 matches found

CVE
CVEadded 2013/07/29 1:59 p.m.441 views

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with...

7.8CVSS5.6AI score0.70184EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.135 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the d...

7.5CVSS8AI score0.0052EPSS
CVE
CVEadded 2025/01/15 3:15 p.m.111 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

9.8CVSS9.6AI score0.02911EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.77 views

CVE-2015-2567

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

3.5CVSS5.2AI score0.00659EPSS
CVE
CVEadded 2007/03/06 8:19 p.m.73 views

CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

7.5CVSS7.3AI score0.06889EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.69 views

CVE-2015-2566

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.

2.8CVSS5.2AI score0.00743EPSS
CVE
CVEadded 2010/10/12 8:0 p.m.55 views

CVE-2010-3110

Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.

7.2CVSS7.4AI score0.00043EPSS
CVE
CVEadded 2009/10/23 6:30 p.m.51 views

CVE-2009-1297

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

4.4CVSS5.5AI score0.00021EPSS
CVE
CVEadded 2006/04/26 10:0 p.m.49 views

CVE-2005-4790

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy ...

6.9CVSS7.1AI score0.00085EPSS
CVE
CVEadded 2006/02/23 8:2 p.m.48 views

CVE-2006-0803

The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.

5CVSS6.5AI score0.00212EPSS
CVE
CVEadded 2006/04/26 10:0 p.m.47 views

CVE-2005-4791

Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.

2.1CVSS7.2AI score0.00152EPSS
CVE
CVEadded 2011/01/13 1:0 a.m.45 views

CVE-2010-3912

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.

10CVSS6.7AI score0.00248EPSS
CVE
CVEadded 2005/10/27 10:2 a.m.44 views

CVE-2005-3321

chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.

4.6CVSS6.2AI score0.00031EPSS
CVE
CVEadded 2011/04/18 5:55 p.m.44 views

CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.

4.4CVSS6.6AI score0.00039EPSS
CVE
CVEadded 2007/08/17 10:17 p.m.41 views

CVE-2007-4394

Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.

2.1CVSS6.3AI score0.00035EPSS
CVE
CVEadded 2007/08/20 7:17 p.m.41 views

CVE-2007-4432

Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.

4.6CVSS6.6AI score0.00032EPSS
CVE
CVEadded 2010/09/03 8:0 p.m.37 views

CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.

5CVSS6.8AI score0.00195EPSS