Lucene search
K
SuseSuse Linux

207 matches found

CVE
CVE
added 2025/01/14 5:37 p.m.354 views

CVE-2024-12085

CVE-2024-12085 affects rsync; a flaw in checksum comparison allows an attacker to manipulate s2length, causing comparisons against uninitialized memory and leaking one byte of uninitialized stack data per interaction. The issue is rated HIGH (CVSS 3.1: 7.5) with network attack vector and no user ...

7.5CVSS7.5AI score0.09353EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.279 views

CVE-2002-0083

CVE-2002-0083 is described in the initial document as an off-by-one error in the OpenSSH channel code affecting OpenSSH 2.0–3.0.2 that can allow privilege escalation. The connected F5 advisory (K1648) references CAN-2002-0083 and labels it as an OpenSSH array overflow vulnerability, but does not ...

10CVSS9.1AI score0.14804EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.210 views

CVE-2000-0666

CVE-2000-0666 affects the rpc.statd component of the nfs-utils package across various Linux distributions. The vulnerability arises from the rpc.statd daemon failing to cleanse untrusted format strings, with CERT/CC documenting that user-supplied data can be passed to syslog as a format string, e...

10CVSS9.6AI score0.26322EPSS
CVE
CVE
added 2025/01/14 5:57 p.m.184 views

CVE-2024-12087

CVE-2024-12087 affects rsync and is described in connected advisories as a path traversal vulnerability triggered by the --inc-recursive behavior, arising from insufficient symlink verification and per-file-list deduplication checks. The result could allow a server to write files outside the clie...

7.5CVSS6.5AI score0.02224EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.179 views

CVE-2004-0940

CVE-2004-0940 is a confirmed vulnerability: a buffer overflow in mod_include.get_tag() affects Apache 1.3.x up to 1.3.32, allowing local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. The impact is ...

7.8CVSS8AI score0.0483EPSS
CVE
CVE
added 2005/02/10 5:0 a.m.164 views

CVE-2005-0337

CVE-2005-0337 affects Postfix 2.1.3 where, if /proc/net/if_inet6 is unavailable and permit_mx_backup is enabled in smtpd_recipient_restrictions, remote attackers can bypass email restrictions and perform mail relaying by delivering to an IPv6 hostname. The issue is a flaw in the IPv6 handling pat...

7.5CVSS6.6AI score0.02806EPSS
CVE
CVE
added 2025/01/14 5:37 p.m.162 views

CVE-2024-12086

The CVE-2024-12086 entry concerns rsync. A flaw in rsync’s checksum-based comparison during client→server file transfer can enable a server to enumerate contents of files on the client by sending crafted checksum values and analyzing responses. The connected documents confirm rsync is affected an...

6.8CVSS6.1AI score0.01761EPSS
CVE
CVE
added 2004/06/23 4:0 a.m.141 views

CVE-2004-0495

Summary: CVE-2004-0495 refers to multiple vulnerabilities in Linux kernel 2.4 and 2.6, identified by the Sparse source-checking tool, that can allow local privilege escalation or access to kernel memory. Affected software: Linux kernel for 2.4 and 2.6 series. Root cause/impact: local attacker cou...

7.2CVSS6.5AI score0.00424EPSS
CVE
CVE
added 2005/03/04 5:0 a.m.133 views

CVE-2005-0605

The CVE-2005-0605 issue concerns LibXPM’s scan.c where a negative bitmap_unit value can cause a buffer overflow, allowing arbitrary code execution. Connected sources confirm LibXPM involvement and link to patches/advisories; for Solaris SPARC, patch 119063-01 (libXpm patch) is cited as remediatio...

7.5CVSS9.6AI score0.04507EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.131 views

CVE-2001-0872

Technical details for CVE-2001-0872 are not provided in the connected documents. The initial description notes OpenSSH 3.0.1 with UseLogin and LD_PRELOAD cleansing issue. Monitor for updates.

7.2CVSS9.1AI score0.00871EPSS
CVE
CVE
added 2004/12/22 5:0 a.m.130 views

CVE-2004-1154

Samba vulnerability CVE-2004-1154 affects Samba 2.x and 3.0.x up to 3.0.9. The issue is a heap-based buffer overflow triggered by a Samba request carrying a very large number of security descriptors, leading to remote authentication and potentially code execution via an overflow, with denial of s...

10CVSS7.4AI score0.13196EPSS
CVE
CVE
added 2004/06/15 4:0 a.m.119 views

CVE-2004-0554

CVE-2004-0554 affects the Linux kernel (2.4.x and 2.6.x on x86). The root cause is a local-denial-of-service condition triggered by an infinite loop that abuses a sequence of fsave/frstor instructions in a signal handler (as demonstrated by crash.c). The practical impact is a system crash/DoS wit...

2.1CVSS5.9AI score0.00866EPSS
CVE
CVE
added 2005/01/20 5:0 a.m.119 views

CVE-2004-1235

CVE-2004-1235 documents a race condition in the Linux kernel (load_elf_library and binfmt_aout paths used by uselib) affecting 2.4 (through 2.429-rc2) and 2.6 (through 2.6.10). Exploitation allows a local user to execute arbitrary code by manipulating the VMA descriptor. The initial description p...

6.2CVSS7.5AI score0.02893EPSS
CVE
CVE
added 2005/04/03 5:0 a.m.114 views

CVE-2005-0750

CVE-2005-0750 affects the Bluetooth driver in the Linux kernel (2.4.6–2.4.30-rc1 and 2.6–2.6.11.5). The bluez_sock_create function fails to validate a negative protocol value, allowing a local user to gain privileges via a crafted socket or socketpair call. Public details appear in multiple advis...

7.2CVSS5.3AI score0.00847EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.112 views

CVE-2005-3624

CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...

5CVSS6.3AI score0.02301EPSS
CVE
CVE
added 2004/09/24 12:0 a.m.111 views

CVE-2004-0687

CVE-2004-0687 affects OpenMotif (libXpm) with stack-based overflows in xpmParseColors, ParseAndPutPixels, and ParsePixels, allowing remote code execution via malformed XPM images. Evidence in multiple advisories confirms OpenMotif/libXpm as the vulnerable component and that patches/updates exist ...

7.5CVSS7.3AI score0.08052EPSS
CVE
CVE
added 2006/03/21 2:0 a.m.110 views

CVE-2006-0745

The CVE concerns the X.Org X Server (xorg-server) 1.0.0 and later (X11R6.9.0, X11R7.0) where a faulty check tests the address of geteuid instead of the function result, allowing a local user to bypass restrictions and perform a Local Privilege Escalation. Impact described across sources: an unpri...

7.2CVSS6.7AI score0.01099EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.108 views

CVE-2004-0889

CVE-2004-0889 involves multiple integer overflows in xpdf 3.0 and in code paths that reuse xpdf (e.g., in CUPS) that can be exploited remotely to crash the service (DoS) and potentially execute arbitrary code. The description confirms a remote impact and the possibility of code execution, tied to...

10CVSS7.3AI score0.06209EPSS
CVE
CVE
added 2005/02/15 5:0 a.m.106 views

CVE-2005-0206

Technical details about CVE-2005-0206 are not provided in the connected documents. Available sources reference related issues (CVE-2004-0888) and patch notes without explicit impact, affected products, or fixes for this CVE.

7.5CVSS6.7AI score0.02986EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.104 views

CVE-2004-0981

CVE-2004-0981 affects ImageMagick and concerns a buffer overflow in the TIFF/EXIF parsing routine that can lead to remote code execution via a crafted image file. The initial record states the vulnerability exists in ImageMagick before 6.1.0, with a network-based attack vector and critical impact...

10CVSS7.3AI score0.05843EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.101 views

CVE-2000-0844

The connected records confirm CVE-2000-0844 affects Unix locale subsystem functions that fail to cleanse user-supplied format strings, enabling local attackers to execute arbitrary commands through gettext, catopen, and related calls. The root cause is improper sanitization of format strings in l...

10CVSS7.7AI score0.15349EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.101 views

CVE-2004-0803

CVE-2004-0803 affects the libtiff RLE decoders in libtiff 3.6.x and earlier, with buffer overflows and integer overflow issues that could allow a remote attacker to execute arbitrary code by feeding a crafted TIFF file. The connected advisories (RHSA/CESA/CENTA, Slackware/Tenable/NASL entries) in...

7.5CVSS9.8AI score0.08268EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.100 views

CVE-2004-0914

Concrete details: CVE-2004-0914 concerns multiple vulnerabilities in libXpm (as used by XFree86/X.Org) including integer overflows, out-of-bounds reads, directory traversal, shell metacharacter issues, endless loops, and memory leaks in parsing XPM images. If exploited via a crafted XPM file, rem...

10CVSS7.6AI score0.08698EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.100 views

CVE-2004-0949

CVE-2004-0949 affects the Samba filesystem smbfs in Linux kernel 2.4/2.6, where smb_recv_trans2 fails to reassemble fragmented packets, allowing a remote attacker via the network to read arbitrary kernel information or to inflate a counter by replaying the first fragment. Public advisories (RHSA,...

6.4CVSS7.2AI score0.02626EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.100 views

CVE-2005-3625

CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...

10CVSS6.2AI score0.03855EPSS
CVE
CVE
added 2005/11/16 9:17 p.m.99 views

CVE-2002-2185

The CVE-2002-2185 issue concerns a flaw in IGMP processing in the Linux kernel that could let a local attacker cause a denial of service by sending an IGMP membership report addressed to a target’s Ethernet address rather than the multicast group address. Public advisories (e.g., RHSA-2006:0101 a...

4.9CVSS4.5AI score0.02493EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.99 views

CVE-2004-1073

The CVE-2004-1073 entry affects the Linux kernel (2.4.x up to 2.4.27 and 2.6.x up to 2.6.8). It is caused by the open_exec path of the execve functionality (exec.c), where the interpreter (PT_INTERP) handling can allow local users to read non-readable ELF binaries. The description specifies local...

2.1CVSS7AI score0.0081EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.98 views

CVE-2005-3626

CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...

5CVSS6.1AI score0.0341EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.96 views

CVE-2004-0883

CVE-2004-0883 concerns multiple vulnerabilities in the Samba filesystem (smbfs) within the Linux kernel (versions 2.4 and 2.6). The description states that remote Samba servers could cause a denial of service (kernel crash) or information disclosure by triggering one of several flawed packet-hand...

6.4CVSS7.6AI score0.04078EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.95 views

CVE-2004-0888

CVE-2004-0888 : Multiple integer overflows in xpdf (v2.0/v3.0) and in code that uses xpdf (e.g., CUPS, gpdf, kdegraphics) allow remote attackers to crash services and possibly execute arbitrary code. Some reports note 64-bit builds can exacerbate the overflow (pdftops/filter path). Remediation is...

10CVSS7.6AI score0.09334EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.94 views

CVE-2004-1072

CVE-2004-1072 describes a vulnerability in the Linux kernel where the binfmt_elf loader (binfmt_elf.c) may create an interpreter name string that is not NULL terminated, allowing strings longer than PATH_MAX to be used. This can cause buffer overflows that may lead to a local denial of service (h...

7.2CVSS7.5AI score0.00558EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.94 views

CVE-2005-0005

CVE-2005-0005 is a heap-based buffer overflow in ImageMagick’s psd.c that affects ImageMagick 6.1.0, 6.1.7, and possibly earlier versions. An attacker can trigger remote code execution by supplying a PSD image with a large number of layers. Connected documents confirm the vulnerability and link t...

7.5CVSS7.8AI score0.04378EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.93 views

CVE-2004-0886

CVE-2004-0886 is a libtiff integer overflow issue (v3.6.1 and earlier) that allows a remote attacker to crash or memory-corrupt a target via crafted TIFF images, due to incorrect malloc calls. Multiple advisories (RH/RHSA, CentOS, Slackware, Mandrake) note libtiff-related fixes; updates/patches e...

5CVSS9.1AI score0.05435EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.93 views

CVE-2004-1070

Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.

7.2CVSS7.3AI score0.00508EPSS
CVE
CVE
added 2004/06/08 4:0 a.m.92 views

CVE-2004-0535

CVE-2004-0535 relates to the Linux kernel's e1000 NIC driver (2.4.x and earlier) where memory used by the driver was not properly initialized before access. This could permit a local attacker to read portions of kernel memory. The issue is documented and linked to several vendor advisories (e.g.,...

2.1CVSS5.7AI score0.0047EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.92 views

CVE-2004-0827

CVE-2004-0827 affects ImageMagick 5.x before 5.4.4 and 6.x before 6.0.6.2, with remote denial of service and potential arbitrary code execution via malformed AVI, BMP, or DIB files. Multiple connected advisories (Ubuntu USN-35-1, Debian DSA 547-1, Red Hat RHSA-2004:480/636, etc.) corroborate buff...

7.5CVSS7.5AI score0.05512EPSS
CVE
CVE
added 2004/07/06 4:0 a.m.91 views

CVE-2004-0497

CVE-2004-0497 describes a local privilege escalation in the Linux kernel 2.x family (notably 2.4/2.6-rc3) due to missing DAC controls in sys_chown, enabling a local user to modify the group ownership of files (including NFS-exported files) they do not own. The underlying issue allows changing fil...

2.1CVSS5.7AI score0.00801EPSS
Web
CVE
CVE
added 2005/02/07 5:0 a.m.91 views

CVE-2005-0156

The CVE-2005-0156 issue affects Perl 5.8.0 when built with setuid support (sperl). The vulnerability is a buffer overflow in the PerlIO implementation that can be triggered by setting PERLIO_DEBUG and running a Perl script whose full pathname has a long directory tree. This allows local users to ...

2.1CVSS7AI score0.01315EPSS
CVE
CVE
added 2004/07/06 4:0 a.m.88 views

CVE-2004-0496

The CVE-2004-0496 entry refers to multiple local vulnerabilities in the Linux kernel 2.6, distinct from CVE-2004-0495, discovered via Sparse. Connected sources (Gentoo GLSA advisories GLSA-200407-02 and GLSA-200407-16, OpenVAS NASLs, and NVD/NVD-style listings) corroborate that CAN-2004-0496 conc...

7.2CVSS6.5AI score0.00393EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.87 views

CVE-2002-0062

CVE-2002-0062 is a local privilege-escalation in ncurses 5.0 and the ncurses4 compatibility package, caused by a buffer overflow in routines for moving the physical cursor and scrolling. Debian and Red Hat advisories describe the issue and assign CAN-2002-0062. Affected products include ncurses 5...

7.2CVSS6.5AI score0.00485EPSS
CVE
CVE
added 2004/10/28 4:0 a.m.87 views

CVE-2004-0990

CVE-2004-0990 describes an integer overflow in the GD Graphics Library (libgd) 2.0.28 (and possibly earlier/other versions) that can be triggered by PNG image files with large image row values. This leads to a heap-based buffer overflow in gdImageCreateFromPngCtx, enabling remote denial of servic...

10CVSS7.9AI score0.28255EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.86 views

CVE-2000-0869

CVE-2000-0869: The default Apache 1.3.12 configuration on SuSE Linux 6.4 enables WebDAV, allowing remote attackers to list arbitrary directories via the PROPFIND method. This results in information disclosure about directory structure. The issue is tied to the WebDAV module being active by defaul...

5CVSS6.8AI score0.5095EPSS
CVE
CVE
added 2005/02/15 5:0 a.m.86 views

CVE-2005-0085

The CVE-2005-0085 entry concerns ht://dig (htdig) prior to version 3.1.6-r7, which is vulnerable to cross-site scripting (XSS). The root cause is that the config parameter is not properly sanitized before being displayed in an error message, allowing a remote attacker to trigger arbitrary web scr...

6.8CVSS5.7AI score0.02273EPSS
CVE
CVE
added 2005/03/26 5:0 a.m.85 views

CVE-2005-0398

CVE-2005-0398 affects the racoon daemon in ipsec-tools prior to 0.5. A remote attacker can send malformed ISAKMP packets that trigger a crash, causing a denial of service. The issue is documented in multiple advisories (e.g., Fedora, Ubuntu USN-107-1, Gentoo GLSA) and Red Hat/FreeBSD/OpenVAS entr...

5CVSS6.2AI score0.02433EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.83 views

CVE-2001-0834

CVE-2001-0834 affects the htsearch CGI in ht://Dig (htdig)

6.4CVSS6.6AI score0.02635EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.83 views

CVE-2004-0807

Technical details for CVE-2004-0807 are not publicly provided in the connected documents. Affected products, exploit vectors, root cause, and fixes are not specified here. Monitor vendor advisories and security feeds for updates and concrete remediation guidance.

5CVSS6.2AI score0.05498EPSS
CVE
CVE
added 2004/09/17 4:0 a.m.83 views

CVE-2004-0817

CVE-2004-0817 describes multiple heap-based buffer overflows in the imlib BMP image handler that allow remote attackers to execute arbitrary code via a crafted BMP file. Connected advisories confirm the affected component is imlib/imlib2 BMP decoding code and reference vendor/security updates (e....

7.5CVSS7.2AI score0.04871EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.83 views

CVE-2004-0867

CVE-2004-0867 affects Mozilla Firefox 0.9.2 by allowing websites to set cookies for country-specific top‑level domains (e.g., .ltd.uk, .plc.uk, .sch.uk), which could enable a session‑fixation attack and session hijack. The note indicates 2.x may also be affected. Technical details in the provided...

7.5CVSS6.9AI score0.17183EPSS
CVE
CVE
added 2004/10/21 4:0 a.m.83 views

CVE-2004-0957

CVE-2004-0957 affects MySQL up to version 3.23.58 and earlier. A local user with privileges on a database whose name contains an underscore could grant privileges to other databases with similar names, enabling unauthorized activities. Connected advisories (e.g., SLES9, Ubuntu USN-32-1) show this...

6.8CVSS5.9AI score0.02425EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.82 views

CVE-2000-1134

CVE-2000-1134 concerns multiple shells (tcsh, csh, sh, bash) that follow symlinks when processing here-documents (<

7.2CVSS6.2AI score0.01415EPSS
Total number of security vulnerabilities207