Every CVE whose affected-product data names Suse Suse Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2000-0844 — CVSS 10.0 (critical): Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local…
CVE-2000-0491 — CVSS 10.0 (critical): Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a…
CVE-2000-0614 — CVSS 10.0 (critical): Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify…
CVE-2000-0666 — CVSS 10.0 (critical): rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote…
CVE-2000-0800 — CVSS 10.0 (critical): String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to…
CVE-2004-0889 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of…
CVE-2004-0888 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote…
CVE-2000-1040 — CVSS 10.0 (critical): Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker…
CVE-2000-1044 — CVSS 10.0 (critical): Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root…
CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2004-0947 — CVSS 10.0 (critical): Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
CVE-2004-0461 — CVSS 10.0 (critical): The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function…
CVE-2004-0460 — CVSS 10.0 (critical): Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause…
CVE-2006-5616 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via…
CVE-2007-0460 — CVSS 10.0 (critical): Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors…
CVE-2007-4074 — CVSS 10.0 (critical): The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux…
CVE-2004-0929 — CVSS 10.0 (critical): Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the…
CVE-2004-0914 — CVSS 10.0 (critical): Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows…
CVE-2004-2004 — CVSS 10.0 (critical): The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges…
CVE-2004-1154 — CVSS 10.0 (critical): Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of…
CVE-2004-0981 — CVSS 10.0 (critical): Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain…
CVE-2005-2023 — CVSS 10.0 (critical): The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent…
CVE-2004-0903 — CVSS 10.0 (critical): Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before…
CVE-2004-0990 — CVSS 10.0 (critical): Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of…
CVE-2004-0902 — CVSS 10.0 (critical): Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow…
CVE-2002-0083 — CVSS 9.8 (critical): Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2017-3224 — CVSS 8.2 (high): Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with…
CVE-2007-5471 — CVSS 7.8 (high): libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization…
CVE-2004-0940 — CVSS 7.8 (high): Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to…
CVE-2005-0605 — CVSS 7.5 (high): scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2004-1096 — CVSS 7.5 (high): Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus…
CVE-2004-1098 — CVSS 7.5 (high): MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that…
CVE-2010-0230 — CVSS 7.5 (high): SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote…
CVE-2004-1175 — CVSS 7.5 (high): fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell…
CVE-2004-1176 — CVSS 7.5 (high): Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly…
CVE-2005-0639 — CVSS 7.5 (high): Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from…
CVE-2005-0638 — CVSS 7.5 (high): xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for…
CVE-2005-0373 — CVSS 7.5 (high): Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL…
CVE-2005-0337 — CVSS 7.5 (high): Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote…
CVE-2005-0206 — CVSS 7.5 (high): The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux…
CVE-2005-0005 — CVSS 7.5 (high): Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute…
CVE-2009-1648 — CVSS 7.5 (high): The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain…
CVE-1999-0434 — CVSS 7.5 (high): XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing…
CVE-2001-0458 — CVSS 7.5 (high): Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
CVE-2007-5196 — CVSS 7.5 (high): Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux…
CVE-2001-0763 — CVSS 7.5 (high): Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response…
CVE-2001-0869 — CVSS 7.5 (high): Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow…
CVE-2001-1130 — CVSS 7.5 (high): Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that…
CVE-2002-0758 — CVSS 7.5 (high): ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses…
CVE-2002-0768 — CVSS 7.5 (high): Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to…
CVE-2005-3298 — CVSS 7.5 (high): Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2004-0687 — CVSS 7.5 (high): Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c…
CVE-2004-0688 — CVSS 7.5 (high): Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4)…
CVE-2004-0746 — CVSS 7.5 (high): Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and…
CVE-2004-0803 — CVSS 7.5 (high): Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer…
CVE-2004-0817 — CVSS 7.5 (high): Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVE-2004-0827 — CVSS 7.5 (high): Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a…
CVE-2004-0866 — CVSS 7.5 (high): Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which…
CVE-2004-0867 — CVSS 7.5 (high): Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which…
CVE-2004-0932 — CVSS 7.5 (high): McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote…
CVE-2004-0933 — CVSS 7.5 (high): Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure…
CVE-2004-0934 — CVSS 7.5 (high): Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to…
CVE-2004-0935 — CVSS 7.5 (high): Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both…
CVE-2004-0936 — CVSS 7.5 (high): RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero…
CVE-2004-0937 — CVSS 7.5 (high): Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass…
CVE-2004-0991 — CVSS 7.5 (high): Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
CVE-2004-1004 — CVSS 7.5 (high): Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2004-1005 — CVSS 7.5 (high): Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2024-12085 — CVSS 7.5 (high): A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the…
CVE-2000-1134 — CVSS 7.2 (high): Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing <<…
CVE-2004-0496 — CVSS 7.2 (high): Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of…
CVE-2001-0872 — CVSS 7.2 (high): OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows…
CVE-2001-1012 — CVSS 7.2 (high): Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a…
CVE-2000-0218 — CVSS 7.2 (high): Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.
CVE-2002-0004 — CVSS 7.2 (high): Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes…
CVE-2002-0062 — CVSS 7.2 (high): Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges…
CVE-2001-0525 — CVSS 7.2 (high): Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain…
CVE-1999-1182 — CVSS 7.2 (high): Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a…
CVE-2002-0762 — CVSS 7.2 (high): shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some…
CVE-2004-1070 — CVSS 7.2 (high): The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not…
CVE-2002-0854 — CVSS 7.2 (high): Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating…
CVE-2002-1285 — CVSS 7.2 (high): runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.
CVE-2001-0193 — CVSS 7.2 (high): Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.
CVE-2007-6167 — CVSS 7.2 (high): Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious…
CVE-2001-0172 — CVSS 7.2 (high): Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands by…
CVE-2006-0745 — CVSS 7.2 (high): X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the…
CVE-2008-3949 — CVSS 7.2 (high): emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python…
CVE-2004-0495 — CVSS 7.2 (high): Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the…
CVE-2000-1095 — CVSS 7.2 (high): modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
CVE-2004-1071 — CVSS 7.2 (high): The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to…
CVE-2004-1072 — CVSS 7.2 (high): The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that…
CVE-2000-0231 — CVSS 7.2 (high): Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
CVE-1999-0906 — CVSS 7.2 (high): Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.
CVE-2005-0750 — CVSS 7.2 (high): The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users…
CVE-2000-0340 — CVSS 7.2 (high): Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.
CVE-2005-1763 — CVSS 7.2 (high): Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
CVE-2004-0887 — CVSS 7.2 (high): SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to…
CVE-2000-0438 — CVSS 7.2 (high): Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint…
CVE-2000-0362 — CVSS 7.2 (high): Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.
CVE-1999-0462 — CVSS 7.2 (high): suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid…
CVE-2000-0229 — CVSS 7.2 (high): gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from…
CVE-2005-4790 — CVSS 6.9 (medium): Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to…
CVE-2004-0957 — CVSS 6.8 (medium): Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore)…
CVE-2007-5195 — CVSS 6.8 (medium): Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux…
CVE-2005-0085 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or…
CVE-2024-12087 — CVSS 6.5 (medium): A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option…
CVE-2004-0883 — CVSS 6.4 (medium): Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of…
CVE-2005-4772 — CVSS 6.4 (medium): liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote…
CVE-2003-1538 — CVSS 6.4 (medium): susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters…
CVE-2006-2752 — CVSS 6.4 (medium): The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which…
CVE-2004-0949 — CVSS 6.4 (medium): The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of…
CVE-2001-0834 — CVSS 6.4 (medium): htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate…
CVE-2004-1235 — CVSS 6.2 (medium): Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6…
CVE-2000-0363 — CVSS 6.2 (medium): Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.
CVE-2024-12086 — CVSS 6.1 (medium): A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue…
CVE-2004-0802 — CVSS 5.1 (medium): Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP…
CVE-2004-1476 — CVSS 5.1 (medium): Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute…
CVE-2001-0918 — CVSS 5.1 (medium): Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files…
CVE-2005-0398 — CVSS 5.0 (medium): The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
CVE-1999-0746 — CVSS 5.0 (medium): A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of…
CVE-1999-0804 — CVSS 5.0 (medium): Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
CVE-2000-0868 — CVSS 5.0 (medium): The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the…
CVE-2000-0869 — CVSS 5.0 (medium): The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories…
CVE-2000-1016 — CVSS 5.0 (medium): The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to…
CVE-2000-1107 — CVSS 5.0 (medium): in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the…
CVE-2001-0851 — CVSS 5.0 (medium): Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
CVE-2004-0592 — CVSS 5.0 (medium): The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and…
CVE-2004-0626 — CVSS 5.0 (medium): The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote…
CVE-2004-0807 — CVSS 5.0 (medium): Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed…
CVE-2004-0886 — CVSS 5.0 (medium): Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption)…
CVE-2004-0956 — CVSS 5.0 (medium): MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening…
CVE-2004-1009 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
CVE-2004-1090 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
CVE-2004-1091 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
CVE-2004-1092 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
CVE-2004-1093 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
CVE-2004-1139 — CVSS 5.0 (medium): Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service…
CVE-2004-1142 — CVSS 5.0 (medium): Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
CVE-2004-1145 — CVSS 5.0 (medium): Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not…
CVE-2004-1174 — CVSS 5.0 (medium): direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file…
CVE-2004-1491 — CVSS 5.0 (medium): Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a…
CVE-2005-0384 — CVSS 5.0 (medium): Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash)…
CVE-2005-0470 — CVSS 5.0 (medium): Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid…
CVE-2005-1043 — CVSS 5.0 (medium): exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a…
CVE-2005-3322 — CVSS 5.0 (medium): Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
CVE-2005-3624 — CVSS 5.0 (medium): The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others…
CVE-2005-3626 — CVSS 5.0 (medium): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2006-0803 — CVSS 5.0 (medium): The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for…
CVE-2006-2658 — CVSS 5.0 (medium): Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE…
CVE-2006-2703 — CVSS 5.0 (medium): The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network…
CVE-2002-2185 — CVSS 4.9 (medium): The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's…
CVE-1999-0433 — CVSS 4.6 (medium): XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing…
CVE-2004-1184 — CVSS 4.6 (medium): The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
CVE-2003-0847 — CVSS 4.6 (medium): SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the…
CVE-2003-0846 — CVSS 4.6 (medium): SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on…
CVE-2001-0610 — CVSS 4.6 (medium): kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in…
CVE-2006-0043 — CVSS 4.6 (medium): Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute…
CVE-2005-3013 — CVSS 4.6 (medium): Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long…
CVE-2007-4393 — CVSS 4.6 (medium): The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle…
CVE-2005-3148 — CVSS 4.6 (medium): StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2)…
CVE-2007-4432 — CVSS 4.6 (medium): Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover…
CVE-2004-0905 — CVSS 4.6 (medium): Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform…
CVE-2001-0641 — CVSS 4.6 (medium): Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S…
CVE-2005-3321 — CVSS 4.6 (medium): chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a…
CVE-2000-0433 — CVSS 4.6 (medium): The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to…
CVE-2007-2654 — CVSS 4.4 (medium): xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary…
CVE-2006-0646 — CVSS 4.4 (medium): ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which…
CVE-2006-6662 — CVSS 4.1 (medium): Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under…
CVE-2005-0156 — CVSS 2.1 (low): Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute…
CVE-2004-2658 — CVSS 2.1 (low): resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
CVE-2005-0207 — CVSS 2.1 (low): Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
CVE-2004-2097 — CVSS 2.1 (low): Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by…
CVE-2004-1895 — CVSS 2.1 (low): YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
CVE-2004-1237 — CVSS 2.1 (low): Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a…
CVE-2004-1190 — CVSS 2.1 (low): SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened…
CVE-2005-1761 — CVSS 2.1 (low): Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the…
CVE-2004-1073 — CVSS 2.1 (low): The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users…
CVE-2005-1767 — CVSS 2.1 (low): traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial…
CVE-2005-3146 — CVSS 2.1 (low): StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.
CVE-2005-3147 — CVSS 2.1 (low): StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
CVE-2004-0587 — CVSS 2.1 (low): Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
CVE-2000-0361 — CVSS 2.1 (low): The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local…
CVE-2004-0554 — CVSS 2.1 (low): Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that…
CVE-2000-0293 — CVSS 2.1 (low): aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names…
CVE-2004-0535 — CVSS 2.1 (low): The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read…
CVE-2005-4788 — CVSS 2.1 (low): resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via…
CVE-2005-4789 — CVSS 2.1 (low): resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some…
CVE-2004-0497 — CVSS 2.1 (low): Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
CVE-2004-0064 — CVSS 2.1 (low): The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files…