Lucene search

11 matches found

CVE
added 2007/01/24 1:28 a.m., 51 views

CVE-2007-0460

Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."

CVSS 10 | AI score 6.5 | EPSS 0.00529

CVE
added 2007/12/20 9:0 p.m., 50 views

CVE-2003-1538

susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.

CVSS 6.4 | AI score 7.7 | EPSS 0.00452

CVE
added 2007/11/29 1:46 a.m., 50 views

CVE-2007-6167

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.

CVSS 7.2 | AI score 7.2 | EPSS 0.00057

CVE
added 2007/05/14 9:19 p.m., 47 views

CVE-2007-2654

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

CVSS 4.4 | AI score 6 | EPSS 0.00038

CVE
added 2007/10/14 6:17 p.m., 45 views

CVE-2007-5195

Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196.

CVSS 6.8 | AI score 6.3 | EPSS 0.00519

CVE
added 2007/10/14 6:17 p.m., 45 views

CVE-2007-5196

Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.

CVSS 7.5 | AI score 6.3 | EPSS 0.00519

CVE
added 2007/07/30 5:30 p.m., 43 views

CVE-2007-4074

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arb...

CVSS 10 | AI score 7.2 | EPSS 0.01413

CVE
added 2007/08/17 10:17 p.m., 42 views

CVE-2007-4393

The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.

CVSS 4.6 | AI score 6.3 | EPSS 0.00065

CVE
added 2007/08/17 10:17 p.m., 41 views

CVE-2007-4394

Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete arbitrary files via unknown vectors.

CVSS 2.1 | AI score 6.3 | EPSS 0.00035

CVE
added 2007/08/20 7:17 p.m., 41 views

CVE-2007-4432

Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.

CVSS 4.6 | AI score 6.6 | EPSS 0.00032

CVE
added 2007/10/16 12:17 a.m., 41 views

CVE-2007-5471

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that att...

CVSS 7.8 | AI score 6.6 | EPSS 0.00817