Linux Enterprise Server

linux_enterprise_server

Vendor: Suse • 474 CVEs

CVEs (474)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-0946 6Apple CanonicalDebian+3 more 9Debian Linux FreetypeIphone Os+6 more Apr 23, 2026 Apr 17, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cff...Show more Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.Show less
CVE-2009-0115 8Avaya Christophe.varoquiDebian+5 more 11Ctpview Debian LinuxFedora+8 more Apr 23, 2026 Mar 30, 2009 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writab...Show more The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.Show less
CVE-2009-1072 6Canonical DebianLinux+3 more 11Debian Linux EsxLinux Enterprise Desktop+8 more Apr 23, 2026 Mar 25, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been e...Show more nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.Show less
CVE-2009-0834 6Canonical DebianLinux+3 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more Apr 23, 2026 Mar 6, 2009 N/A· v4 N/A· v3 3.6 LOW· v2 The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, whic...Show more The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.Show less
CVE-2009-0040 6Apple DebianFedoraproject+3 more 9Debian Linux FedoraIphone Os+6 more Apr 23, 2026 Feb 22, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly e...Show more The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.Show less
CVE-2008-5021 7Canonical DebianFedoraproject+4 more 13Debian Linux FedoraFirefox+10 more Apr 23, 2026 Nov 13, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute...Show more nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.Show less
CVE-2008-4989 6Canonical DebianFedoraproject+3 more 7Debian Linux FedoraGnutls+4 more Apr 23, 2026 Nov 13, 2008 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows...Show more The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).Show less
CVE-2008-1945 6Canonical DebianOpensuse+3 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+6 more Apr 23, 2026 Aug 8, 2008 N/A· v4 N/A· v3 2.1 LOW· v2 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image head...Show more QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.Show less
CVE-2008-1375 6Canonical DebianFedoraproject+3 more 8Debian Linux FedoraLinux Enterprise Desktop+5 more Apr 23, 2026 May 2, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via...Show more Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.Show less
CVE-2008-0063 7Apple CanonicalDebian+4 more 11Debian Linux FedoraKerberos 5+8 more Apr 23, 2026 Mar 19, 2008 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "...Show more The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."Show less
CVE-2007-6427 7Apple CanonicalDebian+4 more 11Debian Linux FedoraLinux+8 more Apr 23, 2026 Jan 18, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerabili...Show more The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.Show less
CVE-2007-5000 6Apache CanonicalFedoraproject+3 more 7Fedora Http ServerHttp Server+4 more Apr 23, 2026 Dec 13, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 a...Show more Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2007-6206 6Canonical DebianLinux+3 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more Apr 23, 2026 Dec 4, 2007 N/A· v4 N/A· v3 2.1 LOW· v2 The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in t...Show more The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.Show less
CVE-2007-1285 5Canonical NovellPhp+2 more 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+4 more Apr 23, 2026 Mar 6, 2007 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable...Show more The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.Show less

Previous 1...20 21 22 2324