Suse Linux Security Vulnerabilities and Issues — Suse Linux CVE List

Lucene search

SuseSuse Linux

20 matches found

CVE•added 2005/11/16 9:17 p.m.•79 views

CVE-2002-2185

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from ...

4.9CVSS4.5AI score0.00377EPSS

CVE•added 1999/09/29 4:0 a.m.•56 views

CVE-1999-0234

Bash treats any character with a value of 255 as a command separator.

4.6CVSS7.5AI score0.00082EPSS

CVE•added 2004/09/24 4:0 a.m.•56 views

CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

4.6CVSS6.8AI score0.05741EPSS

CVE•added 2006/02/11 11:2 a.m.•56 views

CVE-2006-0646

ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attack...

4.4CVSS7.2AI score0.00075EPSS

CVE•added 1999/09/29 4:0 a.m.•55 views

CVE-1999-0433

XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

4.6CVSS7.1AI score0.00172EPSS

CVE•added 2005/10/05 9:2 p.m.•55 views

CVE-2005-3148

StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.

4.6CVSS6.3AI score0.0009EPSS

CVE•added 2005/01/29 5:0 a.m.•54 views

CVE-2004-1184

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

4.6CVSS7.7AI score0.00943EPSS

CVE•added 2006/12/20 11:28 p.m.•50 views

CVE-2006-6662

Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.

4.1CVSS6.7AI score0.00056EPSS

CVE•added 2002/03/09 5:0 a.m.•49 views

CVE-2001-0641

Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.

4.6CVSS7.5AI score0.00253EPSS

CVE•added 2003/11/17 5:0 a.m.•48 views

CVE-2003-0846

SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file.

4.6CVSS6.7AI score0.00073EPSS

CVE•added 2007/05/14 9:19 p.m.•47 views

CVE-2007-2654

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

4.4CVSS6AI score0.00038EPSS

CVE•added 2000/01/04 5:0 a.m.•46 views

CVE-1999-0409

Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.

4.6CVSS6.9AI score0.00152EPSS

CVE•added 2001/08/02 4:0 a.m.•45 views

CVE-2001-0610

kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.

4.6CVSS6.5AI score0.00114EPSS

CVE•added 2005/10/27 10:2 a.m.•44 views

CVE-2005-3321

chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.

4.6CVSS6.2AI score0.00031EPSS

CVE•added 2007/08/17 10:17 p.m.•42 views

CVE-2007-4393

The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.

4.6CVSS6.3AI score0.00065EPSS

CVE•added 2006/01/31 2:3 a.m.•41 views

CVE-2006-0043

Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.

4.6CVSS7.3AI score0.00133EPSS

CVE•added 2007/08/20 7:17 p.m.•41 views

CVE-2007-4432

Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.

4.6CVSS6.6AI score0.00032EPSS

CVE•added 2000/06/15 4:0 a.m.•40 views

CVE-2000-0433

The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.

4.6CVSS6.9AI score0.00073EPSS

CVE•added 2005/09/21 9:3 p.m.•38 views

CVE-2005-3013

Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.

4.6CVSS7.8AI score0.00085EPSS

CVE•added 2003/11/17 5:0 a.m.•35 views

CVE-2003-0847

SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.

4.6CVSS6.7AI score0.00154EPSS