Vulnerabilities > Suse > Suse Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-24 | CVE-2017-3224 | Insufficient Verification of Data Authenticity vulnerability in multiple products: Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. | 4.3 |
2007-10-14 | CVE-2007-5195 | Information Exposure vulnerability in Suse Linux 10: Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196. | 6.8 |
2007-08-20 | CVE-2007-4432 | Local Security vulnerability in Linux: Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | 4.6 |
2007-08-17 | CVE-2007-4393 | Unspecified vulnerability in Suse Linux: The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions. | 4.6 |
2007-05-14 | CVE-2007-2654 | Race Condition vulnerability in multiple products: xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. | 4.4 |
2006-12-20 | CVE-2006-6662 | Local Security vulnerability in Suse products: Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password. | 4.1 |
2006-09-12 | CVE-2006-2658 | Directory Traversal vulnerability in Mono XSP: Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-06-01 | CVE-2006-2752 | Remote Security vulnerability in Suse Linux 9.0: The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password. | 6.4 |
2006-06-01 | CVE-2006-2703 | Man In The Middle vulnerability in Suse Linux 9.0: The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack. | 5.0 |
2006-02-23 | CVE-2006-0803 | The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used. | 5.0 |