Suse Linux@1.0 Security Vulnerabilities and Issues — Suse Linux@1.0 CVE List

Lucene search

SuseSuse Linux1.0

36 matches found

CVE•added 2005/01/10 5:0 a.m.•105 views

CVE-2004-1154

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer o...

10CVSS7.4AI score0.27766EPSS

CVE•added 2005/04/14 4:0 a.m.•98 views

CVE-2004-1235

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

6.2CVSS7.5AI score0.00083EPSS

CVE•added 2005/04/03 5:0 a.m.•95 views

CVE-2005-0750

The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

7.2CVSS5.3AI score0.002EPSS

CVE•added 2004/12/23 5:0 a.m.•85 views

CVE-2004-0803

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

7.5CVSS9.8AI score0.17883EPSS

CVE•added 2005/01/10 5:0 a.m.•83 views

CVE-2004-0949

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number...

6.4CVSS7.2AI score0.0337EPSS

CVE•added 2005/04/27 4:0 a.m.•81 views

CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

7.5CVSS6.7AI score0.06529EPSS

CVE•added 2006/01/06 10:0 p.m.•79 views

CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5CVSS6.3AI score0.07223EPSS

CVE•added 2006/01/06 10:0 p.m.•78 views

CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

5CVSS6.1AI score0.09167EPSS

CVE•added 2005/01/10 5:0 a.m.•77 views

CVE-2004-1072

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of servi...

7.2CVSS7.5AI score0.0007EPSS

CVE•added 2005/01/10 5:0 a.m.•76 views

CVE-2004-0883

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returnin...

6.4CVSS7.6AI score0.19542EPSS

CVE•added 2006/01/06 10:0 p.m.•75 views

CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

10CVSS6.2AI score0.11286EPSS

CVE•added 2005/01/10 5:0 a.m.•73 views

CVE-2004-1073

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

2.1CVSS7AI score0.00198EPSS

CVE•added 2005/01/10 5:0 a.m.•71 views

CVE-2004-1070

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitr...

7.2CVSS7.3AI score0.00055EPSS

CVE•added 2004/12/23 5:0 a.m.•67 views

CVE-2004-0867

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

7.5CVSS6.9AI score0.04214EPSS

CVE•added 2005/01/27 5:0 a.m.•66 views

CVE-2004-0886

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

5CVSS9.1AI score0.10989EPSS

CVE•added 2005/02/13 5:0 a.m.•65 views

CVE-2004-0866

Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

7.5CVSS6.9AI score0.03541EPSS

CVE•added 2005/01/27 5:0 a.m.•65 views

CVE-2004-0902

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a ...

10CVSS7.5AI score0.18825EPSS

CVE•added 2005/08/05 4:0 a.m.•65 views

CVE-2005-1767

traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).

2.1CVSS5.8AI score0.00034EPSS

CVE•added 2005/02/13 5:0 a.m.•63 views

CVE-2005-0373

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

7.5CVSS7.4AI score0.04758EPSS

CVE•added 2005/04/14 4:0 a.m.•63 views

CVE-2005-1043

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

5CVSS6.3AI score0.01229EPSS

CVE•added 2005/01/10 5:0 a.m.•62 views

CVE-2004-0914

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers t...

10CVSS7.6AI score0.0079EPSS

CVE•added 2005/06/14 4:0 a.m.•62 views

CVE-2005-1763

Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.

7.2CVSS7.3AI score0.00042EPSS

CVE•added 2005/01/27 5:0 a.m.•61 views

CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a...

10CVSS7.7AI score0.18826EPSS

CVE•added 2005/04/14 4:0 a.m.•59 views

CVE-2004-1237

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.

2.1CVSS6.3AI score0.00058EPSS

CVE•added 2005/03/04 5:0 a.m.•57 views

CVE-2005-0639

Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.

7.5CVSS7.4AI score0.01955EPSS

CVE•added 2005/08/05 4:0 a.m.•57 views

CVE-2005-1761

Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.

2.1CVSS5.9AI score0.00034EPSS

CVE•added 2004/09/24 4:0 a.m.•56 views

CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

4.6CVSS6.8AI score0.05741EPSS

CVE•added 2005/02/17 5:0 a.m.•56 views

CVE-2004-1491

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

5CVSS7.5AI score0.2586EPSS

CVE•added 2005/01/29 5:0 a.m.•54 views

CVE-2004-1184

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

4.6CVSS7.7AI score0.00943EPSS

CVE•added 2005/01/10 5:0 a.m.•53 views

CVE-2004-1071

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

7.2CVSS7.4AI score0.00052EPSS

CVE•added 2005/03/04 5:0 a.m.•50 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

7.5CVSS7.1AI score0.02388EPSS

CVE•added 2007/05/14 9:19 p.m.•47 views

CVE-2007-2654

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

4.4CVSS6AI score0.00038EPSS

CVE•added 2006/04/07 10:0 a.m.•45 views

CVE-2005-4772

liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.

6.4CVSS6.4AI score0.00279EPSS

CVE•added 2005/05/02 4:0 a.m.•42 views

CVE-2005-0207

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

2.1CVSS6.2AI score0.00078EPSS

CVE•added 2006/01/31 2:3 a.m.•41 views

CVE-2006-0043

Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.

4.6CVSS7.3AI score0.00133EPSS

CVE•added 2005/01/27 5:0 a.m.•38 views

CVE-2004-0929

Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.

10CVSS8AI score0.08155EPSS