suse vulnerabilities and exploits

4.3
CVSSv2
CVE-2011-4193

Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning....

2.1
CVSSv2
CVE-2004-2097

Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5)...

4.6
CVSSv2
CVE-2003-0846

SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file....

4.6
CVSSv2
CVE-2003-0847

SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file....

SuseSuse Linux
7.2
CVSSv2
CVE-2008-3949

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file....

7.2
CVSSv2
CVE-2002-1285

runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments....

2.1
CVSSv2
CVE-2000-0361

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information....

3.5
CVSSv2
CVE-2011-4190

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server...

6.8
CVSSv2
CVE-2007-5195

Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196....

6.2
CVSSv2
CVE-2000-0363

Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory....