Vulnerabilities > Suse > Suse Linux > High

| Date | CVE | Vulnerability title | Description | Access vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2010-01-22 | CVE-2010-0230 | Permissions, Privileges, and Access Controls vulnerability in Suse Opensuse and Suse Linux | SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions. | network | low | suse | CWE-264 | 7.5 |
| 2009-07-05 | CVE-2009-1648 | Configuration vulnerability in Suse Linux 11 | The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services. | network | low | suse | CWE-16 | 7.5 |
| 2009-05-14 | CVE-2009-0714 | Privilege Escalation vulnerability in HP Data Protector Express 3.5/4.0 | Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets. | local | low | microsoft, novell, redhat, suse, hp | | 7.2 |
| 2008-09-22 | CVE-2008-3949 | Code Injection vulnerability in Suse Linux | emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file. | local | low | suse | CWE-94 | 7.2 |
| 2007-11-29 | CVE-2007-6167 | Permissions, Privileges, and Access Controls vulnerability in Suse Linux | Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | local | low | suse | CWE-264 | 7.2 |
| 2007-11-02 | CVE-2007-5197 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mono | Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. | network | low | suse, debian, opensuse, mono | CWE-119 | 7.5 |
| 2007-10-16 | CVE-2007-5471 | Denial Of Service vulnerability in Suse Linux 10 | libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. | network | low | suse | | 7.8 |
| 2007-10-14 | CVE-2007-5196 | Information Exposure vulnerability in Suse Linux 10 | Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | network | low | suse | CWE-200 | 7.5 |
| 2006-03-21 | CVE-2006-0745 | Local Privilege Escalation vulnerability in X.Org X Window Server | X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. | local | low | x-org, mandrakesoft, redhat, sun, suse | | 7.2 |
| 2005-10-23 | CVE-2005-3298 | Remote Buffer Overflow vulnerability in Suse Linux 9.0 | Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors. | network | low | suse | | 7.5 |