Suse Linux Security Vulnerabilities and Issues — Suse Linux CVE List

Lucene search

SuseSuse Linux

36 matches found

CVE•added 2006/01/06 10:0 p.m.•79 views

CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5CVSS6.3AI score0.07223EPSS

CVE•added 2006/01/06 10:0 p.m.•78 views

CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

5CVSS6.1AI score0.09167EPSS

CVE•added 2004/09/14 4:0 a.m.•67 views

CVE-2004-0807

Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.

5CVSS6.2AI score0.09849EPSS

CVE•added 2005/01/27 5:0 a.m.•66 views

CVE-2004-0886

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

5CVSS9.1AI score0.10989EPSS

CVE•added 2005/03/18 5:0 a.m.•66 views

CVE-2005-0384

Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.

5CVSS5.1AI score0.12773EPSS

CVE•added 2005/03/26 5:0 a.m.•66 views

CVE-2005-0398

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

5CVSS6.2AI score0.04064EPSS

CVE•added 2001/01/22 5:0 a.m.•65 views

CVE-2000-0869

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

5CVSS6.8AI score0.08565EPSS

CVE•added 2005/01/10 5:0 a.m.•65 views

CVE-2004-0956

MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

5CVSS6.1AI score0.01048EPSS

CVE•added 2005/04/14 4:0 a.m.•63 views

CVE-2005-1043

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

5CVSS6.3AI score0.01229EPSS

CVE•added 2004/12/31 5:0 a.m.•62 views

CVE-2004-0802

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

5.1CVSS7.5AI score0.06287EPSS

CVE•added 2005/02/17 5:0 a.m.•56 views

CVE-2004-1491

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

5CVSS7.5AI score0.2586EPSS

CVE•added 2005/04/14 4:0 a.m.•55 views

CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

5CVSS6.1AI score0.01138EPSS

CVE•added 2001/01/22 5:0 a.m.•54 views

CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

5CVSS6.8AI score0.08808EPSS

CVE•added 2004/12/31 5:0 a.m.•54 views

CVE-2004-1139

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

5CVSS6.2AI score0.06148EPSS

CVE•added 2002/03/09 5:0 a.m.•53 views

CVE-2001-0851

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

5CVSS6.6AI score0.00623EPSS

CVE•added 2005/04/14 4:0 a.m.•53 views

CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5CVSS6.3AI score0.0106EPSS

CVE•added 2005/04/14 4:0 a.m.•53 views

CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5CVSS6.2AI score0.0106EPSS

CVE•added 2004/12/31 5:0 a.m.•53 views

CVE-2004-1142

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

5CVSS6.2AI score0.08831EPSS

CVE•added 2005/04/14 4:0 a.m.•52 views

CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5CVSS6.3AI score0.00763EPSS

CVE•added 2004/12/31 5:0 a.m.•52 views

CVE-2004-1145

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary fi...

5CVSS6.8AI score0.06715EPSS

CVE•added 2000/01/18 5:0 a.m.•50 views

CVE-1999-0831

Denial of service in Linux syslogd via a large number of connections.

5CVSS6.9AI score0.0052EPSS

CVE•added 2006/01/23 8:0 p.m.•50 views

CVE-2004-0592

The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative i...

5CVSS6.5AI score0.01738EPSS

CVE•added 2000/03/22 5:0 a.m.•49 views

CVE-1999-0746

A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

5CVSS6.6AI score0.04014EPSS

CVE•added 2005/10/27 10:2 a.m.•49 views

CVE-2005-3322

Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).

5CVSS6.6AI score0.0071EPSS

CVE•added 2004/12/06 5:0 a.m.•48 views

CVE-2004-0626

The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the...

5CVSS6.2AI score0.01738EPSS

CVE•added 2006/02/23 8:2 p.m.•48 views

CVE-2006-0803

The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.

5CVSS6.5AI score0.00212EPSS

CVE•added 2001/01/22 5:0 a.m.•47 views

CVE-2000-1107

in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.

5CVSS7AI score0.00886EPSS

CVE•added 2000/01/04 5:0 a.m.•46 views

CVE-1999-0804

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

5CVSS7AI score0.03718EPSS

CVE•added 2005/02/13 5:0 a.m.•46 views

CVE-2004-1476

Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.

5.1CVSS7.6AI score0.02053EPSS

CVE•added 2005/04/14 4:0 a.m.•45 views

CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

5CVSS6.2AI score0.01288EPSS

CVE•added 2005/04/14 4:0 a.m.•45 views

CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5CVSS6.3AI score0.0106EPSS

CVE•added 2001/01/22 5:0 a.m.•44 views

CVE-2000-1016

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

5CVSS6.5AI score0.04264EPSS

CVE•added 2005/03/14 5:0 a.m.•43 views

CVE-2005-0470

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

5CVSS6.8AI score0.01207EPSS

CVE•added 2006/09/12 4:7 p.m.•41 views

CVE-2006-2658

Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.

5CVSS6.7AI score0.00641EPSS

CVE•added 2006/06/01 10:2 a.m.•40 views

CVE-2006-2703

The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.

5CVSS6.9AI score0.00338EPSS

CVE•added 2002/06/25 4:0 a.m.•32 views

CVE-2001-0918

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.

5.1CVSS8.1AI score0.00843EPSS