Suse Linux 9.0 vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2007-11-02 CVE-2007-5197 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Mono
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
network
low complexity
suse debian opensuse mono CWE-119
7.5
2007-08-17 CVE-2007-4394 Local Security vulnerability in Linux Desktop
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete arbitrary files via unknown vectors.
local
low complexity
novell suse
2.1
2007-05-14 CVE-2007-2654 Race Condition vulnerability in multiple products
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
4.4
2007-01-24 CVE-2007-0460 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Suse Linux
Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."
network
low complexity
suse CWE-119
critical
10.0
2006-06-01 CVE-2006-2752 Remote Security vulnerability in Suse Linux 9.0
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.
network
low complexity
suse
6.4
2006-06-01 CVE-2006-2703 Man In The Middle vulnerability in Suse Linux 9.0
The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.
network
low complexity
suse
5.0
2006-02-11 CVE-2006-0646 Unspecified vulnerability in Suse Linux
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.
local
suse
4.4
2005-12-31 CVE-2005-4772 Unspecified vulnerability in Suse products
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
network
low complexity
suse
6.4
2005-12-31 CVE-2005-3626 Resource Management Errors vulnerability in multiple products
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
5.0
2005-12-31 CVE-2005-3625 Resource Management Errors vulnerability in multiple products
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
10.0