Vulnerabilities > Suse > Linux Enterprise Desktop
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-30 | CVE-2009-0115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. local low complexity christophe-varoqui fedoraproject debian avaya suse opensuse novell juniper CWE-732 | 7.8 |
2008-05-02 | CVE-2008-1375 | Race Condition vulnerability in multiple products Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. | 6.9 |
2008-03-19 | CVE-2008-0063 | Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | 7.5 |
2008-01-18 | CVE-2007-6427 | Out-Of-Bounds Write vulnerability in multiple products The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | 9.3 |
2006-12-20 | CVE-2006-6662 | Local Security vulnerability in Suse products Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password. local suse | 4.1 |