Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•9 views

SUSE CVE-2010-3558

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS6.6AI score0.049EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•9 views

SUSE CVE-2010-3556

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS6.6AI score0.05193EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•9 views

SUSE CVE-2010-3570

Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

7.6CVSS6.6AI score0.03897EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 5:56 a.m.•9 views

SUSE CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS7.6AI score0.03017EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:50 a.m.•9 views

SUSE CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

8.5CVSS6.3AI score0.45576EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:50 a.m.•9 views

SUSE CVE-2011-4317

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS9.1AI score0.60783EPSS
Exploits3References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:49 a.m.•9 views

SUSE CVE-2011-4415

The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...

1.2CVSS6.8AI score0.031EPSS
Exploits4References4
SUSE CVE
SUSE CVE
•added 2023/02/15 5:49 a.m.•9 views

SUSE CVE-2011-5034

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461...

7.8CVSS5.5AI score0.81155EPSS
Exploits5References4
SUSE CVE
SUSE CVE
•added 2023/02/15 5:49 a.m.•9 views

SUSE CVE-2012-0061

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large region size in a package header...

6.8CVSS7.9AI score0.04378EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:49 a.m.•9 views

SUSE CVE-2012-0435

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...

5.8CVSS6.8AI score0.02081EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 5:48 a.m.•9 views

SUSE CVE-2012-1145

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when modwsgi is used, which allows remote attackers to cause a denial of service /var partition disk consumption and failed updates via a...

5CVSS6.9AI score0.03016EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:44 a.m.•9 views

SUSE CVE-2012-5067

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment...

5CVSS6.5AI score0.63983EPSS
Exploits4References7
SUSE CVE
SUSE CVE
•added 2023/02/15 5:43 a.m.•9 views

SUSE CVE-2012-5670

The bdfparseglyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service out-of-bounds write and crash via vectors related to BDF fonts and an ENCODING field with a negative value...

4.3CVSS6.8AI score0.02688EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:38 a.m.•9 views

SUSE CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

4.3CVSS6.7AI score0.85333EPSS
Exploits6References4
SUSE CVE
SUSE CVE
•added 2023/02/15 5:32 a.m.•9 views

SUSE CVE-2014-0376

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

5CVSS6.4AI score0.03779EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2023/02/15 5:28 a.m.•9 views

SUSE CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

3.4CVSS8.7AI score0.99999EPSS
Exploits7References81
SUSE CVE
SUSE CVE
•added 2023/02/15 5:23 a.m.•9 views

SUSE CVE-2015-0235

Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...

10CVSS8.2AI score0.94859EPSS
Exploits29References15
SUSE CVE
SUSE CVE
•added 2023/02/15 5:17 a.m.•9 views

SUSE CVE-2015-4732

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590...

10CVSS5.2AI score0.06457EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 5:17 a.m.•9 views

SUSE CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

9.8CVSS7.6AI score0.96032EPSS
Exploits17References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:17 a.m.•9 views

SUSE CVE-2015-4863

Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS7.9AI score0.03092EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:11 a.m.•9 views

SUSE CVE-2015-8656

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial o...

9.3CVSS9.2AI score0.07152EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2023/02/15 5:9 a.m.•9 views

SUSE CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS6.9AI score0.49024EPSS
Exploits4References7
SUSE CVE
SUSE CVE
•added 2023/02/15 5:9 a.m.•9 views

SUSE CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

7.5CVSS7.6AI score0.95537EPSS
Exploits11References12
SUSE CVE
SUSE CVE
•added 2023/02/15 5:0 a.m.•9 views

SUSE CVE-2016-5584

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption...

4.4CVSS8.5AI score0.01493EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:59 a.m.•9 views

SUSE CVE-2016-6664

mysqldsafe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when...

7.8CVSS9AI score0.0308EPSS
Exploits10References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:54 a.m.•9 views

SUSE CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOT...

9.8CVSS8AI score0.98038EPSS
Exploits19References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:52 a.m.•9 views

SUSE CVE-2017-3312

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure...

6.7CVSS8.1AI score0.00446EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:44 a.m.•9 views

SUSE CVE-2017-9268

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service resource consumption...

6.5CVSS5.6AI score0.00612EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:44 a.m.•9 views

SUSE CVE-2017-9765

Integer overflow in the soapget function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service stack-based buffer overflow and application crash via a large XML document, aka Devil'...

8.1CVSS8.2AI score0.21894EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:35 a.m.•9 views

SUSE CVE-2017-1000128

Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser...

3.3CVSS8.9AI score0.01119EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 4:33 a.m.•9 views

SUSE CVE-2018-3174

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the...

5.3CVSS7.3AI score0.0081EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:33 a.m.•9 views

SUSE CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

4.3CVSS8.1AI score0.60631EPSS
Exploits2References111
SUSE CVE
SUSE CVE
•added 2023/02/15 4:31 a.m.•9 views

SUSE CVE-2018-5333

In the Linux kernel through 4.14.13, the rdscmsgatomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rdsatomicfreeop NULL pointer dereference...

2.9CVSS6.4AI score0.07679EPSS
Exploits5References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:29 a.m.•9 views

SUSE CVE-2018-7492

A NULL pointer dereference was found in the net/rds/rdma.c rdsrdmamap function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDSGETMR and RDSGETMRFORDEST...

6.2CVSS6AI score0.00652EPSS
Exploits1References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:23 a.m.•9 views

SUSE CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

6.8CVSS7.8AI score0.05039EPSS
Exploits0References37
SUSE CVE
SUSE CVE
•added 2023/02/15 4:22 a.m.•9 views

SUSE CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...

9.8CVSS8.9AI score0.10599EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2023/02/15 4:18 a.m.•9 views

SUSE CVE-2019-2614

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

4.4CVSS7AI score0.0281EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:16 a.m.•9 views

SUSE CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...

4.8CVSS8.3AI score0.58204EPSS
Exploits9References32
SUSE CVE
SUSE CVE
•added 2023/02/15 4:16 a.m.•9 views

SUSE CVE-2019-7283

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

7.4CVSS6.7AI score0.01976EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:14 a.m.•9 views

SUSE CVE-2019-9144

An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact...

8.8CVSS7.4AI score0.02783EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:14 a.m.•9 views

SUSE CVE-2019-9503

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...

4.7CVSS7.5AI score0.03313EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 4:13 a.m.•9 views

SUSE CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

7.1CVSS7.4AI score0.81466EPSS
Exploits4References10
SUSE CVE
SUSE CVE
•added 2023/02/15 4:12 a.m.•9 views

SUSE CVE-2019-11487

The Linux kernel before 5.1-rc5 allows page-refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipefsi.h, kernel/trace/trace.c, mm/gup.c, and...

7.8CVSS6.9AI score0.00708EPSS
Exploits1References25
SUSE CVE
SUSE CVE
•added 2023/02/15 4:9 a.m.•9 views

SUSE CVE-2019-14523

An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmtoktloadsong in the Amiga Oktalyzer parser in fmt/okt.c...

7.8CVSS7.5AI score0.01238EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2023/02/15 4:9 a.m.•9 views

SUSE CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig...

7.5CVSS9.2AI score0.10676EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2023/02/15 4:8 a.m.•9 views

SUSE CVE-2019-15927

An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function buildaudioprocunit in the file sound/usb/mixer.c...

4.9CVSS7.6AI score0.00412EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/02/15 4:7 a.m.•9 views

SUSE CVE-2019-17666

rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow...

5.4CVSS7AI score0.03017EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/02/15 4:6 a.m.•9 views

SUSE CVE-2019-19057

Two memory leaks in the mwifiexpcieinitevtring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption by triggering mwifiexmappcimemory failures, aka CID-d10dcb615c8e...

4CVSS6.8AI score0.00788EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:5 a.m.•9 views

SUSE CVE-2019-19770

In the Linux kernel 4.19.83, there is a use-after-free read in the debugfsremove function in fs/debugfs/inode.c which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfscreatefile. NOTE: Linux kernel developers dispu...

5.7CVSS6.6AI score0.02447EPSS
Exploits1References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:5 a.m.•9 views

SUSE CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by inputsetkeycode, aka CID-cb222aed03d7...

6.7CVSS6.6AI score0.00384EPSS
Exploits0References3
Total number of security vulnerabilities5000