Product:

Suse_linux

(Novell)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2025-01-14 CVE-2024-12088 A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. Almalinux, Arch_linux, Linux, Nixos, Suse_linux, Discovery, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_update_services_for_sap_solutions, Openshift_container_platform, Rsync, Smartos 7.5
2025-01-15 CVE-2024-12084 A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. Almalinux, Arch_linux, Linux, Nixos, Suse_linux, Enterprise_linux, Rsync, Smartos N/A
2007-03-06 CVE-2007-1285 The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. Ubuntu_linux, Suse_linux, Php, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_server 7.5
2015-04-16 CVE-2015-2567 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. Suse_linux, Suse_linux_for_vmware, Suse_linux_sdk, Mysql N/A
2015-04-16 CVE-2015-2566 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. Suse_linux, Suse_linux_for_vmware, Suse_linux_sdk, Mysql N/A
2013-07-29 CVE-2013-4854 The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. Fedora, Freebsd, Hp\-Ux, Bind, Dnsco_bind, Business_server, Enterprise_server, Suse_linux, Opensuse, Enterprise_linux, Slackware_linux, Suse_linux_enterprise_software_development_kit N/A
2011-04-18 CVE-2011-0988 pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. Suse_linux, Pure\-Ftpd N/A
2011-01-13 CVE-2010-3912 The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. Suse_linux N/A
2010-10-12 CVE-2010-3110 Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. Suse_linux, Opensuse N/A
2010-09-03 CVE-2010-1507 WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. Suse_linux N/A