CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Suse : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-4432 +Priv 2007-08-20 2008-11-15
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
2 CVE-2007-4393 2007-08-17 2008-11-15
4.6
User Local Low Not required Partial Partial Partial
The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.
3 CVE-2007-2654 362 2007-05-14 2008-11-13
4.4
None Local Medium Not required Partial Partial Partial
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
4 CVE-2006-6662 264 2006-12-20 2008-09-05
4.1
User Local Medium Single system Partial Partial Partial
Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.
5 CVE-2006-0646 Exec Code 2006-02-11 2008-09-05
4.4
User Local Medium Not required Partial Partial Partial
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.
6 CVE-2006-0043 Exec Code Overflow 2006-01-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.
7 CVE-2005-3321 2005-10-27 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
8 CVE-2005-3148 2005-10-05 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
9 CVE-2005-3013 Exec Code Overflow 2005-09-21 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.
10 CVE-2005-0543 XSS 2005-02-24 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
11 CVE-2004-1184 Exec Code 2005-01-21 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
12 CVE-2004-0905 Exec Code 2004-09-14 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
13 CVE-2003-0847 2003-11-17 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.
14 CVE-2003-0846 2003-11-17 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file.
15 CVE-2002-2185 DoS 2002-12-31 2010-08-21
4.9
None Local Low Not required None None Complete
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
16 CVE-2001-0641 Exec Code Overflow 2001-09-20 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
17 CVE-2001-0610 +Priv 2001-08-02 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
18 CVE-2000-0433 +Priv 2000-05-02 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.
19 CVE-1999-0433 DoS +Priv 1999-03-21 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
20 CVE-1999-0409 Overflow 1999-03-04 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.
21 CVE-1999-0234 1996-10-08 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
Bash treats any character with a value of 255 as a command separator.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.