10.2

DATE	CVE	VULNERABILITY TITLE	RISK
2008-06-06	CVE-2008-2389	Link Following vulnerability in Opensuse 10.2 opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack. local low complexity opensuse CWE-59	4.9
2008-06-06	CVE-2008-2388	Numeric Errors vulnerability in Opensuse 10.2 Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. network low complexity opensuse CWE-189 critical	10.0
2008-05-02	CVE-2008-1375	Race Condition vulnerability in multiple products Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. local linux canonical opensuse suse debian fedoraproject CWE-362	6.9
2008-03-31	CVE-2008-1567	Cleartext Storage of Sensitive Information vulnerability in multiple products phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. local low complexity phpmyadmin debian fedoraproject opensuse CWE-312	5.5
2008-03-19	CVE-2008-0063	Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." network low complexity mit apple opensuse suse debian canonical fedoraproject CWE-908	7.5
2008-01-18	CVE-2007-6427	Out-Of-Bounds Write vulnerability in multiple products The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. network x-org canonical debian apple fedoraproject opensuse suse CWE-787 critical	9.3
2007-11-02	CVE-2007-5197	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mono Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. network low complexity suse debian opensuse mono CWE-119	7.5
2007-10-14	CVE-2007-5200	Link Following vulnerability in Opensuse 10.2/10.3 hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file. local opensuse CWE-59	3.3