Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2023/03/02 3:59 a.m.9 views

SUSE CVE-2023-22998

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the drmgemshmemgetsgtable return value expects it to be NULL in the error case, whereas it is actually an error pointer...

5.5CVSS6.7AI score0.00304EPSS
Exploits0References23
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.9 views

SUSE CVE-2002-2437

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited w...

5CVSS6.4AI score0.01333EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.9 views

SUSE CVE-2003-0434

Various PDF viewers including 1 Adobe Acrobat 5.06 and 2 Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink...

7.5CVSS7.8AI score0.40942EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.9 views

SUSE CVE-2004-0686

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors...

5CVSS7.3AI score0.03666EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.9 views

SUSE CVE-2004-1237

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service system crash via unknown vectors...

2.1CVSS6.6AI score0.00358EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.9 views

SUSE CVE-2006-0200

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages...

9.3CVSS8.1AI score0.19363EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.9 views

SUSE CVE-2006-1260

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check...

5CVSS7AI score0.12174EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.9 views

SUSE CVE-2006-3014

Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet...

5.1CVSS7.4AI score0.30101EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.9 views

SUSE CVE-2006-6737

Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...

4.3CVSS6.8AI score0.02311EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2164

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service browser crash or abort via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

5CVSS7AI score0.0142EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2293

Multiple stack-based buffer overflows in the processsdp function in chansip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long 1 T38FaxRateManagement or 2 T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP...

7.6CVSS8.3AI score0.23878EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2449

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS4.8AI score0.77376EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2789

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

4.3CVSS6.8AI score0.03485EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.9 views

SUSE CVE-2007-3503

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting XSS vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.03051EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.9 views

SUSE CVE-2007-4394

Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors...

2.1CVSS6.6AI score0.00355EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.9 views

SUSE CVE-2007-5377

The 1 tramp-make-temp-file and 2 tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

6.9CVSS6.8AI score0.00307EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.9 views

SUSE CVE-2009-0692

Stack-based buffer overflow in the scriptwriteparams method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option...

10CVSS8.3AI score0.2578EPSS
Exploits9References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.9 views

SUSE CVE-2009-0876

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DTRPATH:$ORIGIN...

6.9CVSS7.1AI score0.00781EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.9 views

SUSE CVE-2009-3461

Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors...

9.3CVSS6.8AI score0.03273EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.9 views

SUSE CVE-2009-4034

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which 1 allows man-in-the-middle...

5.8CVSS7AI score0.0213EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.9 views

SUSE CVE-2010-0084

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...

5CVSS6.7AI score0.03162EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.9 views

SUSE CVE-2010-0837

Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

7.5CVSS8.2AI score0.03839EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.9 views

SUSE CVE-2010-0846

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

7.5CVSS8.7AI score0.06581EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.9 views

SUSE CVE-2010-0886

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS6.6AI score0.69949EPSS
Exploits7References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3377

The 1 runSalome, 2 runTestMedCorba, 3 runLightSalome, and 4 hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

6.9CVSS7.1AI score0.00381EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3558

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS6.6AI score0.049EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3556

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS6.6AI score0.05193EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3570

Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

7.6CVSS6.6AI score0.03897EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.9 views

SUSE CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS7.6AI score0.03017EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.9 views

SUSE CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

8.5CVSS6.3AI score0.45576EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.9 views

SUSE CVE-2011-4317

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS9.1AI score0.60783EPSS
Exploits3References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.9 views

SUSE CVE-2011-4415

The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...

1.2CVSS6.8AI score0.031EPSS
Exploits4References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.9 views

SUSE CVE-2011-5034

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461...

7.8CVSS5.5AI score0.81155EPSS
Exploits5References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.9 views

SUSE CVE-2012-0061

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large region size in a package header...

6.8CVSS7.9AI score0.04378EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.9 views

SUSE CVE-2012-0435

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...

5.8CVSS6.8AI score0.02081EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.9 views

SUSE CVE-2012-1145

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when modwsgi is used, which allows remote attackers to cause a denial of service /var partition disk consumption and failed updates via a...

5CVSS6.9AI score0.03016EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.9 views

SUSE CVE-2012-5067

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment...

5CVSS6.5AI score0.63983EPSS
Exploits4References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.9 views

SUSE CVE-2012-5670

The bdfparseglyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service out-of-bounds write and crash via vectors related to BDF fonts and an ENCODING field with a negative value...

4.3CVSS6.8AI score0.02688EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.9 views

SUSE CVE-2013-1537

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

10CVSS7AI score0.09875EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:38 a.m.9 views

SUSE CVE-2013-2425

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install...

10CVSS4.4AI score0.04712EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.9 views

SUSE CVE-2014-0376

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

5CVSS6.4AI score0.03779EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.9 views

SUSE CVE-2015-0235

Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...

10CVSS8.2AI score0.94859EPSS
Exploits29References15
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.9 views

SUSE CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

9.8CVSS7.6AI score0.96032EPSS
Exploits17References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.9 views

SUSE CVE-2015-5161

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS7.1AI score0.09911EPSS
Exploits7References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.9 views

SUSE CVE-2015-7311

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image...

3.6CVSS6.5AI score0.00417EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 5:11 a.m.9 views

SUSE CVE-2015-8656

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial o...

9.3CVSS9.2AI score0.07152EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.9 views

SUSE CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS6.9AI score0.49024EPSS
Exploits4References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.9 views

SUSE CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

7.5CVSS7.6AI score0.95537EPSS
Exploits11References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.9 views

SUSE CVE-2016-3087

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! exclamation mark operator to the REST Plugin...

9.8CVSS8.1AI score0.81087EPSS
Exploits4References3
Total number of security vulnerabilities5000