Suse: >> Suse Linux Security Vulnerabilities
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVSS Score
10.0
EPSS Score
0.156
Published
2005-01-10
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-01-10
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."
CVSS Score
1.2
EPSS Score
0.001
Published
2005-01-10
The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626.
CVSS Score
5.0
EPSS Score
0.007
Published
2004-12-31
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVSS Score
5.1
EPSS Score
0.063
Published
2004-12-31
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVSS Score
7.5
EPSS Score
0.036
Published
2004-12-31
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
CVSS Score
5.1
EPSS Score
0.021
Published
2004-12-31
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVSS Score
5.0
EPSS Score
0.259
Published
2004-12-31
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-31
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-31