Lucene search
K
SusecveMost viewed

59855 matches found

SUSE CVE
SUSE CVE
•added 2023/02/15 5:9 a.m.•9 views

SUSE CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

7.5CVSS7.6AI score0.95537EPSS
Exploits11References12
SUSE CVE
SUSE CVE
•added 2023/02/15 5:5 a.m.•9 views

SUSE CVE-2016-3087

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! exclamation mark operator to the REST Plugin...

9.8CVSS8.1AI score0.81087EPSS
Exploits4References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:0 a.m.•9 views

SUSE CVE-2016-5584

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption...

4.4CVSS8.5AI score0.01493EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:59 a.m.•9 views

SUSE CVE-2016-6664

mysqldsafe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when...

7.8CVSS9AI score0.0308EPSS
Exploits10References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:52 a.m.•9 views

SUSE CVE-2017-3312

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure...

6.7CVSS8.1AI score0.00446EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:44 a.m.•9 views

SUSE CVE-2017-9268

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service resource consumption...

6.5CVSS5.6AI score0.00612EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:44 a.m.•9 views

SUSE CVE-2017-9765

Integer overflow in the soapget function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service stack-based buffer overflow and application crash via a large XML document, aka Devil'...

8.1CVSS8.2AI score0.21894EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:35 a.m.•9 views

SUSE CVE-2017-1000128

Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser...

3.3CVSS8.9AI score0.01119EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 4:35 a.m.•9 views

SUSE CVE-2017-1000185

In SWFTools, a memcpy buffer overflow was found in gif2swf...

5.5CVSS5.7AI score0.00746EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:33 a.m.•9 views

SUSE CVE-2018-3174

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the...

5.3CVSS7.3AI score0.0081EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:33 a.m.•9 views

SUSE CVE-2018-3284

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

4.4CVSS6.9AI score0.023EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2023/02/15 4:33 a.m.•9 views

SUSE CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

4.3CVSS8.1AI score0.60631EPSS
Exploits2References111
SUSE CVE
SUSE CVE
•added 2023/02/15 4:31 a.m.•9 views

SUSE CVE-2018-5333

In the Linux kernel through 4.14.13, the rdscmsgatomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rdsatomicfreeop NULL pointer dereference...

2.9CVSS6.4AI score0.07679EPSS
Exploits5References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:29 a.m.•9 views

SUSE CVE-2018-7489

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...

9.8CVSS8.3AI score0.20135EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 4:27 a.m.•9 views

SUSE CVE-2018-11396

ephy-session.c in libephymain.so in GNOME Web aka Epiphany through 3.28.2.1 allows remote attackers to cause a denial of service application crash via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call...

7.5CVSS7.5AI score0.01494EPSS
Exploits5References5
SUSE CVE
SUSE CVE
•added 2023/02/15 4:23 a.m.•9 views

SUSE CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

6.8CVSS7.8AI score0.05039EPSS
Exploits0References37
SUSE CVE
SUSE CVE
•added 2023/02/15 4:23 a.m.•9 views

SUSE CVE-2018-17955

In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection...

7.8CVSS6.6AI score0.00309EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 4:22 a.m.•9 views

SUSE CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...

9.8CVSS8.9AI score0.10599EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2023/02/15 4:20 a.m.•9 views

SUSE CVE-2018-20784

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfsrq's, which allows attackers to cause a denial of service infinite loop in updateblockedaverages or possibly have unspecified other impact by inducing a high load...

5.9CVSS6.8AI score0.04173EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2023/02/15 4:18 a.m.•9 views

SUSE CVE-2019-2614

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

4.4CVSS7AI score0.0281EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:17 a.m.•9 views

SUSE CVE-2019-3684

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem...

4CVSS7AI score0.00714EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2023/02/15 4:16 a.m.•9 views

SUSE CVE-2019-7283

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

7.4CVSS6.7AI score0.01976EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:14 a.m.•9 views

SUSE CVE-2019-9144

An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact...

8.8CVSS7.4AI score0.02783EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:14 a.m.•9 views

SUSE CVE-2019-9500

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmfwowlndresults...

5CVSS7.9AI score0.03844EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2023/02/15 4:13 a.m.•9 views

SUSE CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...

8.2CVSS7.9AI score0.73981EPSS
Exploits1References8
SUSE CVE
SUSE CVE
•added 2023/02/15 4:10 a.m.•9 views

SUSE CVE-2019-13697

Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS6.7AI score0.00766EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2023/02/15 4:8 a.m.•9 views

SUSE CVE-2019-15538

An issue was discovered in xfssetattrnonsize in fs/xfs/xfsiops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfssetattrnonsize is failing to unlock the ILOCK after the xfsqmvopchownreserve call fails. This is primarily a local...

5.7CVSS7.4AI score0.03916EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2023/02/15 4:6 a.m.•9 views

SUSE CVE-2019-19057

Two memory leaks in the mwifiexpcieinitevtring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption by triggering mwifiexmappcimemory failures, aka CID-d10dcb615c8e...

4CVSS6.8AI score0.00788EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:6 a.m.•9 views

SUSE CVE-2019-19526

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098...

4.6CVSS7.8AI score0.00433EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:6 a.m.•9 views

SUSE CVE-2019-19529

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcbausb.c driver, aka CID-4d6636498c41...

4.6CVSS7.8AI score0.00445EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:5 a.m.•9 views

SUSE CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by inputsetkeycode, aka CID-cb222aed03d7...

6.7CVSS6.6AI score0.00384EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:5 a.m.•9 views

SUSE CVE-2019-20794

An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID...

4.7CVSS6.6AI score0.00512EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:4 a.m.•9 views

SUSE CVE-2020-1749

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...

7.5CVSS6AI score0.0124EPSS
Exploits0References42
SUSE CVE
SUSE CVE
•added 2023/02/15 4:1 a.m.•9 views

SUSE CVE-2020-7053

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 and 5.x before 5.2, there is a use-after-free write in the i915ppgttclose function in drivers/gpu/drm/i915/i915gemgtt.c, aka CID-7dc40713618c. This is related to i915gemcontextdestroyioctl in...

5.3CVSS6.8AI score0.00617EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:1 a.m.•9 views

SUSE CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...

9.8CVSS7AI score0.45732EPSS
Exploits5References12
SUSE CVE
SUSE CVE
•added 2023/02/15 4:1 a.m.•9 views

SUSE CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...

9.8CVSS8.3AI score0.26587EPSS
Exploits5References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:58 a.m.•9 views

SUSE CVE-2020-13132

An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...

4.6CVSS6.8AI score0.00638EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:56 a.m.•9 views

SUSE CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...

7.8CVSS7.4AI score0.12996EPSS
Exploits6References4
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•9 views

SUSE CVE-2020-25668

A flaw was found in Linux Kernel because access to the global variable fgconsole is not properly synchronized leading to a use after free in confontop...

7CVSS6.4AI score0.01026EPSS
Exploits1References35
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•9 views

SUSE CVE-2020-26146

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented...

5.3CVSS6.8AI score0.05622EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•9 views

SUSE CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BDADDR of the peer device to complete pairing without knowledge of the PIN...

5.4CVSS7.3AI score0.00887EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:51 a.m.•9 views

SUSE CVE-2020-29371

An issue was discovered in romfsdevread in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd...

4CVSS6.2AI score0.0069EPSS
Exploits1References25
SUSE CVE
SUSE CVE
•added 2023/02/15 3:51 a.m.•9 views

SUSE CVE-2020-29660

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ttyio.c and drivers/tty/ttyjobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24...

7.4CVSS6.4AI score0.00468EPSS
Exploits1References34
SUSE CVE
SUSE CVE
•added 2023/02/15 3:50 a.m.•9 views

SUSE CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8AI score0.05018EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:50 a.m.•9 views

SUSE CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8AI score0.20929EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:50 a.m.•9 views

SUSE CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8AI score0.05018EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:50 a.m.•9 views

SUSE CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8AI score0.05041EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:49 a.m.•9 views

SUSE CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

8.8CVSS5.7AI score0.43988EPSS
Exploits27References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:49 a.m.•9 views

SUSE CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code...

8.4CVSS6.7AI score0.00282EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 3:45 a.m.•9 views

SUSE CVE-2021-22925

curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEWENV variables, libcurlcould be made to pass on uninitialized data from a stack based...

4.3CVSS6.3AI score0.04929EPSS
Exploits1References86
Total number of security vulnerabilities5000